Weaknesses of type CWE-639

1,590 results
CVE-2025-65029 | HIGH | Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants | EPSS 0.3%
CVE-2026-33724 | MEDIUM | n8n's Source Control SSH Configuration Uses StrictHostKeyChecking=no | EPSS 0.3%
CVE-2026-40768 | HIGH | WordPress Salon booking system plugin <= 10.30.24 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2024-4341 | MEDIUM | IDOR in ExtremePacs's Extreme XDS | EPSS 0.3%
CVE-2026-54826 | HIGH | WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2024-42422 | HIGH | Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker | EPSS 0.3%
CVE-2026-7886 | LOW | Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter | EPSS 0.3%
CVE-2026-32097 | HIGH | PingPong has improper access control in thread file endpoints allows access outside intended scope | EPSS 0.3%
CVE-2026-3321 | HIGH | Authorization Bypass in ON24 Q&A chat | EPSS 0.3%
CVE-2025-59133 | HIGH | WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-44736 | MEDIUM | OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects | EPSS 0.3%
CVE-2026-53471 | CRITICAL | Migration-planner: agent api ignores jwt source_id claim | EPSS 0.3%
CVE-2025-3769 | MEDIUM | Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-44504 | HIGH | Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR) | EPSS 0.3%
CVE-2025-54691 | MEDIUM | WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2024-52601 | MEDIUM | iTop portal Insecure Direct Object Reference vulnerability | EPSS 0.3%
CVE-2026-10038 | MEDIUM | Charitable <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion via 'avatar' Parameter | EPSS 0.3%
CVE-2025-7049 | HIGH | WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2025-57994 | MEDIUM | WordPress Upcoming Events Lists Plugin <= 1.4.0 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2026-31867 | MEDIUM | Craft Commerce has a Potential IDOR in Commerce carts | EPSS 0.3%