Weaknesses of type CWE-639

1,528 results
CVE-2023-49298 (HIGH): OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file da [EPSS 1.2%]
CVE-2024-9263 (CRITICAL): WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.25 - Insecure Direct Object Reference to Unauthenticated Arbitrary User Password/Email Reset/Account Takeover [EPSS 1.1%]
CVE-2021-24840: Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure [EPSS 1.1%]
CVE-2021-22967: In Concrete CMS (formerly concrete 5) below 8.5.7, IDOR Allows Unauthenticated User to Access Restricted Files If Allowed to Add Message to [EPSS 1.1%]
CVE-2022-1614: WP-Email < 2.69.0 - Anti-Spam Protection Bypass via IP Spoofing [EPSS 1.1%]
CVE-2022-41479 (HIGH): The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects [EPSS 1.1%]
CVE-2023-2276 (CRITICAL): WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change [EPSS 1.1%]
CVE-2022-0266 (MEDIUM): Authorization Bypass Through User-Controlled Key in livehelperchat/livehelperchat [EPSS 1.1%]
CVE-2023-24625 (MEDIUM): Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) att [EPSS 1.1%]
CVE-2022-23061 (MEDIUM): Shopizer - IDOR delete superadmin [EPSS 1.1%]
CVE-2023-6317 (HIGH): PIN/prompt bypass on the secondscreen.gateway service allows access to the SSAP API without user interaction [EPSS 1.1%]
CVE-2021-22951: Unauthorized individuals could view password protected files using view_inline in Concrete CMS (previously concrete 5) prior to version 8.5. [EPSS 1.1%]
CVE-2021-36801 (HIGH): Akaunting Authentication Bypass in Company Selection [EPSS 1.1%]
CVE-2021-44160 (HIGH): Cardinal Tien Hospital Health Report System - Authorization Bypass Through User-Controlled Key [EPSS 1.1%]
CVE-2017-0882: Multiple versions of GitLab expose sensitive user credentials when assigning a user to an issue or merge request. A fix was included in vers [EPSS 1.1%]
CVE-2021-32744 (CRITICAL): Unauthenticated attacker could gain access to currently open files [EPSS 1.1%]
CVE-2021-25096: IP2Location Country Blocker < 2.26.5 - Ban Bypass [EPSS 1.0%]
CVE-2024-37889 (MEDIUM): MyFinances Allows Unauthorized Access to Other Customer Data [EPSS 1.0%]
CVE-2023-32310 (HIGH): DataEase API interface has IDOR vulnerability [EPSS 1.0%]
CVE-2023-43668: Apache InLong: Jdbc Connection Security Bypass in InLong [EPSS 1.0%]