Weaknesses of type CWE-639

1,590 results
CVE-2025-46386 | HIGH | CWE-639 Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2024-43239 | MEDIUM | WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability | EPSS 0.3%
CVE-2024-11915 | MEDIUM | RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-41160 | MEDIUM | EspoCRM: Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notes | EPSS 0.3%
CVE-2025-14772 | HIGH | Broken Access Control in ABB T-MAC Plus web application | EPSS 0.3%
CVE-2026-12204 | MEDIUM | ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization | EPSS 0.3%
CVE-2023-50342 | HIGH | Insecure Direct Object Reference (IDOR) affects DRYiCE MyXalytics | EPSS 0.3%
CVE-2026-2414 | MEDIUM | Authorization bypass through User-Controlled key vulnerability in HYPR Server allows Privilege Escalation. This issue affects Server: from 9. | EPSS 0.3%
CVE-2026-4563 | MEDIUM | MacCMS Member Order Detail User.php order_info authorization | EPSS 0.3%
CVE-2025-32223 | MEDIUM | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-33760 | HIGH | Langflow: IDOR/BOLA in Monitor API — Missing Ownership Enforcement on 7 Endpoints | EPSS 0.3%
CVE-2026-9306 | MEDIUM | QuantumNous new-api Midjourney Image Relay Endpoint relay-router.go GetByOnlyMJId authorization | EPSS 0.3%
CVE-2024-39901 | MEDIUM | OpenSearch Observability does not properly restrict access to private tenant resources | EPSS 0.3%
CVE-2026-31820 | HIGH | Sylius affected by IDOR in Cart and Checkout LiveComponents | EPSS 0.3%
CVE-2025-65034 | HIGH | Rallly Improper Authorization Allows Reopening of Any Finalized Poll via Public pollId | EPSS 0.3%
CVE-2025-34435 | HIGH | AVideo < 20.1 IDOR Arbitrary File Deletion | EPSS 0.3%
CVE-2025-65029 | HIGH | Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants | EPSS 0.3%
CVE-2024-10690 | MEDIUM | Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2025-65033 | HIGH | Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation | EPSS 0.3%
CVE-2024-10775 | MEDIUM | Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%