Weaknesses of type CWE-639

1,587 results
CVE-2024-13873 | MEDIUM | WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection | EPSS 0.3%
CVE-2026-42456 | MEDIUM | AnythingLLM: Cross-User TTS Audio Disclosure via Chat ID (IDOR) | EPSS 0.3%
CVE-2026-6570 | MEDIUM | kodcloud KodExplorer systemMember.class.php initInstall authorization | EPSS 0.3%
CVE-2024-33373 | MEDIUM | An issue in the LB-LINK BL-W1210M v2.0 router allows attackers to bypass password complexity requirements and set single digit passwords for | EPSS 0.3%
CVE-2024-10693 | MEDIUM | SKT Addons for Elementor <= 3.3 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-56069 | HIGH | WordPress Toolset Forms plugin <= 2.6.24 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-6583 | MEDIUM | TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization | EPSS 0.3%
CVE-2026-6585 | MEDIUM | TransformerOptimus SuperAGI Organisation Update Endpoint organisation.py update_organisation authorization | EPSS 0.3%
CVE-2025-65098 | HIGH | Typebot Vulnerable to Credential Theft via Client-Side Script Execution and API Authorization Bypass | EPSS 0.3%
CVE-2026-54105 | MEDIUM | U.S. GAO EPDS and CBCA EDS user information disclosure | EPSS 0.3%
CVE-2025-15018 | CRITICAL | Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover | EPSS 0.3%
CVE-2024-10695 | MEDIUM | Futurio Extra <= 2.0.13 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-12062 | MEDIUM | Charity Addon for Elementor <= 1.3.3 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-10770 | MEDIUM | Envo Extra <= 1.9.3 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-10669 | MEDIUM | Countdown Timer block – Display the event's date into a timer. <= 1.2.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-10667 | MEDIUM | Content Slider Block – Create fully functional slider with Gutenberg block <= 3.1.5 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2025-7718 | HIGH | Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2026-28469 | HIGH | OpenClaw < 2026.2.14 - Cross-Account Policy Context Misrouting via Shared Webhook Path Ambiguity | EPSS 0.3%
CVE-2025-13110 | MEDIUM | HUSKY – Products Filter Professional for WooCommerce <= 1.3.7.3 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'woof_add_subscr' | EPSS 0.3%
CVE-2026-6584 | MEDIUM | TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization | EPSS 0.3%