Weaknesses of type CWE-639
1,592 results

CVE-2025-26857 | MEDIUM | EPSS 0.3% | Growatt Cloud portal Authorization Bypass Through User-Controlled Key
CVE-2025-43810 | MEDIUM | EPSS 0.3% | Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2
CVE-2025-49135 | MEDIUM | EPSS 0.3% | CVAT missing validation for in-progress backup upload names
CVE-2022-2312 | — | EPSS 0.3% | Student Result or Employee Database < 1.7.5 - Stored Cross Site Scripting via CSRF
CVE-2026-42861 | HIGH | EPSS 0.3% | Flowise: Mass Assignment in Variable Update Endpoint Allows Cross-Workspace Resource Reassignment
CVE-2026-54357 | MEDIUM | EPSS 0.3% | MISP improper authorization allows organization administrators to modify site administrator user settings
CVE-2026-33313 | MEDIUM | EPSS 0.3% | Vikunja has an IDOR in Task Comments Allows Reading Arbitrary Comments
CVE-2026-32120 | MEDIUM | EPSS 0.3% | OpenEMR has IDOR in Fee Sheet Product Save
CVE-2025-13004 | MEDIUM | EPSS 0.3% | IDOR in Farktor Software's E-Commerce Package
CVE-2026-30927 | MEDIUM | EPSS 0.3% | Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter
CVE-2026-1558 | MEDIUM | EPSS 0.3% | WP Recipe Maker <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter
CVE-2026-29071 | LOW | EPSS 0.3% | Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories
CVE-2025-64012 | MEDIUM | EPSS 0.3% | InvoicePlane commit debb446c is vulnerable to Incorrect Access Control. The invoices/view handler fails to verify ownership before returning
CVE-2026-32104 | MEDIUM | EPSS 0.3% | StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings
CVE-2025-64431 | HIGH | EPSS 0.3% | IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering
CVE-2025-27433 | MEDIUM | EPSS 0.3% | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)
CVE-2025-10039 | MEDIUM | EPSS 0.3% | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client'
CVE-2026-45810 | MEDIUM | EPSS 0.3% | Nextcloud: Propfind requests for file comments allowed to load comments for other files
CVE-2025-67985 | MEDIUM | EPSS 0.3% | WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability
CVE-2026-24900 | MEDIUM | EPSS 0.3% | MarkUs has a submission-view IDOR exposes all student submissions