Weaknesses of type CWE-639

1,585 results
CVE | Severity | Title | EPSS
CVE-2026-6612 | MEDIUM | TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization | 0.3%
CVE-2025-58012 | LOW | WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability | 0.3%
CVE-2025-63065 | MEDIUM | WordPress Media LIbrary Assistant plugin <= 3.29 - Broken Access Control vulnerability | 0.3%
CVE-2025-41020 | HIGH | Insecure direct object reference (IDOR) vulnerability in Sergestec's Exito | 0.3%
CVE-2026-5842 | MEDIUM | decolua 9router Administrative API Endpoint api authorization | 0.3%
CVE-2026-42947 | HIGH | Naxclow IoT Platform Authorization bypass through User-Controlled key | 0.3%
CVE-2026-9087 | MEDIUM | Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login | 0.3%
CVE-2025-58597 | MEDIUM | WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability | 0.3%
CVE-2026-24901 | HIGH | Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts | 0.3%
CVE-2024-42464 | HIGH | Leak of user information | 0.3%
CVE-2026-33304 | MEDIUM | OpenEMR has Authorization Bypass in Dated Reminders Log | 0.3%
CVE-2026-47266 | HIGH | Formie: Unauthenticated front-end submission editing can overwrite existing submissions | 0.3%
CVE-2026-6375 | HIGH | Authorization bypass through User-Controlled key in SpiceJet Online Booking System | 0.3%
CVE-2025-41358 | HIGH | Direct reference to insecure objects (IDOR) in CronosWeb from CronosWeb i2A | 0.3%
CVE-2024-10777 | MEDIUM | AnyWhere Elementor <= 1.2.11 - Authenticated (Contributor+) Post Disclosure | 0.3%
CVE-2024-10787 | MEDIUM | LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure | 0.3%
CVE-2024-5942 | MEDIUM | Page and Post Clone <= 6.0 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure | 0.3%
CVE-2024-7848 | MEDIUM | User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access | 0.3%
CVE-2026-12073 | CRITICAL | ProfileGrid - User Profiles, Groups and Communities <= 5.9.9.5 - Unauthenticated Privilege Escalation via Email Overwrite | 0.3%
CVE-2024-43288 | MEDIUM | WordPress wpForo Forum plugin <= 2.3.4 - Insecure Direct Object References (IDOR) vulnerability | 0.3%