Weaknesses of type CWE-639

1,587 results
CVE-2024-8123 | MEDIUM | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-13490 | MEDIUM | glpi-project glpi Document document.send.php canViewFile authorization | EPSS 0.3%
CVE-2026-44426 | MEDIUM | ShellHub: Cross-tenant IDOR in `GET /api/namespaces/:tenant` via API Key bypasses membership check | EPSS 0.3%
CVE-2026-2104 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2024-13601 | MEDIUM | Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.3%
CVE-2024-2346 | MEDIUM | FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference | EPSS 0.3%
CVE-2018-25129 | HIGH | SOCA Access Control System 180612 Information Disclosure via Multiple Endpoints | EPSS 0.3%
CVE-2026-1987 | MEDIUM | Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification | EPSS 0.3%
CVE-2026-47189 | HIGH | Quest Bot: AutoMod removal can delete rules from another guild by global rule ID | EPSS 0.3%
CVE-2025-20114 | MEDIUM | Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability | EPSS 0.3%
CVE-2025-43790 | HIGH | Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6 | EPSS 0.3%
CVE-2026-7638 | MEDIUM | App Builder <= 5.5.10 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Avatar Modification via 'user_id' Parameter | EPSS 0.3%
CVE-2025-56392 | HIGH | An Insecure Direct Object Reference (IDOR) in the /dashboard/notes endpoint of Syaqui Collegetivity v1.0.0 allows attackers to impersonate o | EPSS 0.3%
CVE-2025-2271 | HIGH | IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp | EPSS 0.3%
CVE-2025-11741 | MEDIUM | WPC Smart Quick View for WooCommerce <= 4.2.5 - Insecure Direct Object Reference to Unauthenticated Private Product Exposure | EPSS 0.3%
CVE-2025-40650 | HIGH | Insecure Direct Object Reference (IDOR) in Clickedu | EPSS 0.3%
CVE-2024-39900 | MEDIUM | OpenSearch Dashboards Reports does not properly restrict access to private tenant resources | EPSS 0.3%
CVE-2026-23488 | MEDIUM | Blinko: multiple interfaces in the comment feature allow unauthorized access | EPSS 0.3%
CVE-2025-51867 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability in Deepfiction AI (deepfiction.ai) thru June 3, 2025, allowing attackers to chat with | EPSS 0.3%
CVE-2026-32300 | HIGH | Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information | EPSS 0.3%