Weaknesses of type CWE-639

1,590 results
CVE | Severity | Title | EPSS
CVE-2026-44718 | MEDIUM | Mathesar: Missing collaborator checks allowed access to saved explorations in other databases | 0.3%
CVE-2026-48868 | HIGH | WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability | 0.3%
CVE-2026-6552 | HIGH | Authorization Bypass Through User-Controlled Key in GitLab | 0.3%
CVE-2025-26660 | MEDIUM | Broken Access Control in SAP Fiori apps (Posting Library) | 0.3%
CVE-2025-64516 | HIGH | GLPI incorrectly authorizes access to documents | 0.3%
CVE-2026-33730 | MEDIUM | Open Source Point of Sale has an IDOR in Password Change (Home) | 0.3%
CVE-2025-6574 | HIGH | Service Finder Bookings < 6.1 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | 0.3%
CVE-2026-20904 | MEDIUM | Gitea: Broken access control in OpenID visibility toggle enables cross-user visibility changes | 0.3%
CVE-2026-45666 | MEDIUM | Open WebUI: Indirect Object Reference (IDOR) in user notes | 0.3%
CVE-2026-4549 | LOW | mickasmt next-saas-stripe-starter Stripe API open-customer-portal.ts openCustomerPortal authorization | 0.3%
CVE-2024-6357 | MEDIUM | Insecure Direct Object Reference vulnerability | 0.3%
CVE-2026-53726 | MEDIUM | Parse Server: Relation `$relatedTo` query bypasses `protectedFields` and owning-object ACL | 0.3%
CVE-2026-11988 | MEDIUM | LearnPress <= 4.3.9.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Disclosure via 'userId' Parameter | 0.3%
CVE-2024-5258 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | 0.3%
CVE-2026-4171 | MEDIUM | CodeGenieApp serverless-express API Endpoint TodoList.ts authorization | 0.3%
CVE-2025-7899 | MEDIUM | Insecure Direct Object Reference in extension "powermail" (powermail) | 0.3%
CVE-2026-54324 | MEDIUM | Daytona: Cross-tenant data leak in notification WebSocket gateway via unverified organizationId join | 0.3%
CVE-2025-20214 | MEDIUM | A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote atta | 0.3%
CVE-2026-2366 | LOW | Keycloak: keycloak: information disclosure via authorization bypass in admin api | 0.3%
CVE-2025-55737 | MEDIUM | flaskBlog arbitrary comment delete | 0.3%