Weaknesses of type CWE-639
1,587 results

CVE-2024-12102 | MEDIUM | Typer Core <= 1.9.6 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2025-11957 | CRITICAL | Improper authorization in the temporary access workflow of Devolutions Server 2025.2.12.0 and earlier allows an authenticated basic user to | EPSS 0.3%
CVE-2024-12472 | MEDIUM | Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure | EPSS 0.3%
CVE-2024-39897 | MEDIUM | Cache driver GetBlob() allows read access to any blob without access control check | EPSS 0.3%
CVE-2025-15025 | HIGH | IDOR in Yordam Informatics' Library Automation System | EPSS 0.3%
CVE-2025-49995 | MEDIUM | WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-1619 | HIGH | IDOR in Universal Software's FlexCity/Kiosk | EPSS 0.3%
CVE-2023-32669 | MEDIUM | Authorization Bypass on BuddyBoss | EPSS 0.3%
CVE-2025-61148 | MEDIUM | An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access | EPSS 0.3%
CVE-2026-29200 | CRITICAL | A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerabilit | EPSS 0.3%
CVE-2024-4154 | HIGH | Incorrect Synchronization in lunary-ai/lunary | EPSS 0.3%
CVE-2024-45232 | HIGH | An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, | EPSS 0.3%
CVE-2024-12114 | MEDIUM | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates | EPSS 0.3%
CVE-2025-9902 | HIGH | IDOR in Akınsoft QRMenu | EPSS 0.3%
CVE-2025-24850 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-24134 | MEDIUM | StudioCMS has an Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-14802 | MEDIUM | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | EPSS 0.3%
CVE-2024-12447 | MEDIUM | Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode | EPSS 0.3%
CVE-2026-42205 | HIGH | Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources | EPSS 0.3%
CVE-2024-10797 | MEDIUM | Full Screen Menu for Elementor <= 1.0.7 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%