Weaknesses of type CWE-639

1,591 results
CVE | Severity | Title | EPSS
CVE-2026-34055 | HIGH | OpenEMR has IDOR in Patient Notes Web UI allows unauthorized note access/modification | EPSS 0.3%
CVE-2026-45552 | CRITICAL | Roxy-WI: Cross-tenant authorization bypass on /install/* — guest can run Ansible / SSH on every registered server | EPSS 0.3%
CVE-2026-42279 | MEDIUM | solidtime: Time entry update endpoint allows cross-organization modification of a known time-entry UUID | EPSS 0.3%
CVE-2026-56774 | MEDIUM | Kanboard - Cross-User Deletion of Persistent Login Sessions via Unvalidated Session ID | EPSS 0.3%
CVE-2026-50283 | MEDIUM | Craft CMS: Unauthorized Deletion of Source Assets During File Replacement | EPSS 0.3%
CVE-2025-64105 | MEDIUM | FOSSBilling: IDOR Vulnerability in Support Ticket Creation | EPSS 0.3%
CVE-2026-56780 | HIGH | Modoboa < 2.9.0 - Insecure Direct Object Reference in Account Password Change API | EPSS 0.3%
CVE-2026-31956 | MEDIUM | Xibo CMS has Preview and SavedReport IDOR via disableUserCheck without controller-level authorization | EPSS 0.3%
CVE-2026-27708 | HIGH | FOSSBilling: IDOR in Servicecustom Client API allows cross-client data access | EPSS 0.3%
CVE-2024-13740 | MEDIUM | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure | EPSS 0.3%
CVE-2024-4843 | MEDIUM | ePO doesn't allow a regular privileged user to delete tasks or assignments. Insecure direct object references that allow a least privileged | EPSS 0.3%
CVE-2026-33678 | HIGH | Vikunja has IDOR in Task Attachment ReadOne Allows Cross-Project File Access and Deletion | EPSS 0.3%
CVE-2025-0606 | MEDIUM | IDOR in Logo Software's Logo Cloud | EPSS 0.3%
CVE-2026-28225 | MEDIUM | Manyfold has IDOR in ModelFilesController | EPSS 0.3%
CVE-2025-7347 | HIGH | IDOR in Dinibh Puzzle's Dinibh Patrol Tracking System | EPSS 0.3%
CVE-2026-6566 | MEDIUM | Photo Gallery, Sliders, Proofing and Themes <= 4.2.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Image Deletion via REST API | EPSS 0.3%
CVE-2025-8770 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2026-28354 | MEDIUM | ClipBucket v5 has IDOR in Collection Item Management | EPSS 0.3%
CVE-2025-63248 | HIGH | DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of anot | EPSS 0.3%
CVE-2025-0661 | MEDIUM | DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure | EPSS 0.3%