Weaknesses of type CWE-639

1,587 results
CVE-2024-12447 | MEDIUM | Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode | EPSS 0.3%
CVE-2023-3290 | MEDIUM | A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0 | EPSS 0.3%
CVE-2026-33759 | MEDIUM | AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents | EPSS 0.3%
CVE-2026-25197 | CRITICAL | Gardyn Cloud API Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2024-21759 | LOW | An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker | EPSS 0.3%
CVE-2026-45750 | CRITICAL | Termix Vulnerable to Arbitrary Command Execution in File Manager | EPSS 0.3%
CVE-2024-12059 | MEDIUM | ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read | EPSS 0.3%
CVE-2025-51533 | MEDIUM | An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sen | EPSS 0.3%
CVE-2024-10692 | MEDIUM | PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-44570 | HIGH | Open WebUI: Inconsistent authorization controls within memories API | EPSS 0.3%
CVE-2024-10688 | MEDIUM | Attesa Extra <= 1.4.2 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-53673 | HIGH | BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter | EPSS 0.3%
CVE-2025-41099 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.3%
CVE-2026-8027 | MEDIUM | FlowiseAI Flowise User Controller authorization | EPSS 0.3%
CVE-2026-13549 | MEDIUM | CodeAstro Complaint Management System Report Endpoint Report.php deletereport authorization | EPSS 0.3%
CVE-2026-41649 | HIGH | Outline has IDOR in document share creation that allows unauthorized access to private documents across workspaces | EPSS 0.3%
CVE-2026-12904 | MEDIUM | Kadence Blocks <= 3.7.7 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Optimizer Data Deletion/Read/Modification via 'post_path' Parameter | EPSS 0.3%
CVE-2025-6038 | HIGH | Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation | EPSS 0.3%
CVE-2024-29020 | MEDIUM | JumpServer allows an authorized attacker to get sensitive information in playbook files when playbook_id is leaked | EPSS 0.3%
CVE-2025-46386 | HIGH | CWE-639 Authorization Bypass Through User-Controlled Key | EPSS 0.3%