Weaknesses of type CWE-639
1,591 results

CVE-2025-63248 | HIGH | DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of anot | EPSS 0.3%
CVE-2026-28354 | MEDIUM | ClipBucket v5 has IDOR in Collection Item Management | EPSS 0.3%
CVE-2024-42169 | HIGH | HCL MyXalytics is affected by insecure direct object references | EPSS 0.3%
CVE-2026-49339 | HIGH | Path traversal in getPlaylist/deletePlaylist bypasses ownership check: any authenticated user can read or delete any other user's playlist | EPSS 0.3%
CVE-2026-5135 | MEDIUM | Foreman: foreman: unauthorized modification of host configurations via broken access control | EPSS 0.3%
CVE-2026-44692 | HIGH | Authenticated Sharp users can download unrelated Laravel Storage objects through the generic download endpoint | EPSS 0.3%
CVE-2026-5348 | MEDIUM | Academy LMS <= 3.8.1 - Unauthenticated Insecure Direct Object Reference to Private Topic Disclosure | EPSS 0.3%
CVE-2026-54361 | HIGH | MISP mass assignment vulnerabilities allow unauthorized modification of ownership and delegation records | EPSS 0.3%
CVE-2026-41279 | HIGH | Flowise: Unauthenticated TTS endpoint accepts arbitrary credential IDs — enables API credit abuse via stored credentials | EPSS 0.3%
CVE-2025-1031 | HIGH | IDOR in Utarit Informatics' SoliClub | EPSS 0.3%
CVE-2026-54184 | HIGH | WordPress Clean Login plugin <= 1.15 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-36365 | MEDIUM | IBM Db2 Privilege Escalation | EPSS 0.3%
CVE-2026-25930 | MEDIUM | OpenEMR's Printable LBF Endpoint Leaks Arbitrary Patient Forms | EPSS 0.3%
CVE-2025-50849 | HIGH | CS Cart 4.18.3 is vulnerable to Insecure Direct Object Reference (IDOR). The user profile functionality allows enabling or disabling sticker | EPSS 0.3%
CVE-2026-25929 | MEDIUM | OpenEMR Patient Picture Context Allows Arbitrary Patient Photo Retrieval | EPSS 0.3%
CVE-2026-25220 | MEDIUM | OpenEMR Messages "Show All" Not Restricted to Admins | EPSS 0.3%
CVE-2026-27839 | MEDIUM | wger: IDOR in nutritional_values endpoints exposes private dietary data via direct ORM lookup | EPSS 0.3%
CVE-2026-10623 | MEDIUM | PressPrimer Quiz <= 2.3.0 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Modification via 'quiz_id', 'item_id', and 'rule_id' Parameters | EPSS 0.3%
CVE-2026-27943 | MEDIUM | OpenEMR's Eye Exam View Trusts form_id Without Verifying Patient/Encounter Ownership | EPSS 0.3%
CVE-2024-49388 | LOW | Sensitive information manipulation due to improper authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Wind | EPSS 0.3%