Weaknesses of type CWE-639

1,592 results
CVE-2026-7491 [HIGH] Zyosoft|School App - Insecure Direct Object Reference (EPSS 0.3%)
CVE-2026-9493 [HIGH] BankPro E-Service Technology|Service Center - Insecure Direct Object Reference (EPSS 0.3%)
CVE-2025-62244 [MEDIUM] Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.3.1 through 7.4.3.111, and Liferay DXP 2023.Q4.0 t (EPSS 0.3%)
CVE-2026-52782 [CRITICAL] OpenProject: IDOR through /projects/<A>/settings/project_storages/<A_ps_id> via PATCH parameter "storages_project_storage[project_folder_id]" leads to Access to Unauthorized Resources (EPSS 0.3%)
CVE-2025-66306 [MEDIUM] Grav vulnerable to Information Disclosure via IDOR in Grav Admin Panel (EPSS 0.3%)
CVE-2025-3292 [MEDIUM] User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update (EPSS 0.3%)
CVE-2026-56784 [HIGH] OpenRemote < 1.25.0 IDOR via Bulk Alarm Deletion Endpoint (EPSS 0.3%)
CVE-2026-57341 [MEDIUM] WordPress Colissimo Officiel : Méthodes de livraison pour WooCommerce plugin <= 2.9.0 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.3%)
CVE-2026-27835 [MEDIUM] wger: IDOR in RepetitionsConfig and MaxRepetitionsConfig API leak other users' workout data (EPSS 0.3%)
CVE-2025-43803 [MEDIUM] Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older uns (EPSS 0.3%)
CVE-2025-10719 [MEDIUM] WisdomGarden|Tronclass - Insecure Direct Object Reference (EPSS 0.3%)
CVE-2025-15147 [MEDIUM] WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.11.8 - Insecure Direct Object Reference to Update Membership Payment (EPSS 0.3%)
CVE-2025-13457 [HIGH] WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id (EPSS 0.3%)
CVE-2025-13474 [HIGH] IDOR in Menulux Software's Mobile App (EPSS 0.3%)
CVE-2026-4208 [HIGH] Authentication Bypass in extension "E-Mail MFA Provider" (mfa_email) (EPSS 0.3%)
CVE-2025-14033 [MEDIUM] ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure (EPSS 0.3%)
CVE-2026-7573 [MEDIUM] GetUserRoles API endpoint allows any authenticated user to enumerate ACL policies across all organizations (EPSS 0.3%)
CVE-2025-25276 [MEDIUM] Growatt Cloud portal Authorization Bypass Through User-Controlled Key (EPSS 0.3%)
CVE-2025-49135 [MEDIUM] CVAT missing validation for in-progress backup upload names (EPSS 0.3%)
CVE-2025-26857 [MEDIUM] Growatt Cloud portal Authorization Bypass Through User-Controlled Key (EPSS 0.3%)