Weaknesses of type CWE-639

1,590 results
CVE | Severity | Title | EPSS
CVE-2026-31867 | MEDIUM | Craft Commerce has a Potential IDOR in Commerce carts | 0.3%
CVE-2026-45832 | HIGH | All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing at | 0.3%
CVE-2026-45281 | HIGH | Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update | 0.3%
CVE-2025-8447 | HIGH | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access | 0.3%
CVE-2024-11216 | HIGH | Broken Access Control in PozitifIK's Pik Online | 0.3%
CVE-2026-30231 | MEDIUM | Flare: Private File IDOR via raw/direct endpoints | 0.3%
CVE-2026-45743 | HIGH | Termix has a File-Manager Session Hijack via Missing Ownership Check (IDOR) | 0.3%
CVE-2025-55795 | LOW | The openml/openml.org web application version v2.0.20241110 uses incremental user IDs and insufficient email ownership verification during e | 0.3%
CVE-2026-11500 | LOW | Weaviate Static API Key client.go validateConfig authorization | 0.3%
CVE-2026-2879 | MEDIUM | GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Arbitrary Post Overwrite/Deletion | 0.3%
CVE-2025-4596 | MEDIUM | Information disclosure via IDOR in Asseco AMDX | 0.3%
CVE-2026-7510 | MEDIUM | OWASP DefectDojo Benchmark/Engagement/Product/Survey authorization | 0.3%
CVE-2026-46558 | HIGH | Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces | 0.3%
CVE-2026-33030 | HIGH | Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys | 0.3%
CVE-2026-25564 | HIGH | WeKan < 8.19 Checklist Deletion IDOR via Missing Relationship Validation | 0.3%
CVE-2025-0987 | CRITICAL | IDOR in CB Project's CVLand | 0.3%
CVE-2026-12102 | LOW | UsersWP <= 1.2.63 - Insecure Direct Object Reference to Authenticated (Editor+) Arbitrary User Avatar/Banner Reset via 'user_id' Parameter | 0.3%
CVE-2026-32894 | HIGH | Chamilo LMS has an IDOR in Gradebook Allows Cross-Course Deletion of Any Student's Grade Result | 0.3%
CVE-2026-25563 | HIGH | WeKan < 8.19 Checklist Creation Cross-Board IDOR | 0.3%
CVE-2025-66911 | MEDIUM | Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. T | 0.3%