Weaknesses of type CWE-639

1,592 results
CVE-2024-13887 | MEDIUM | Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition | EPSS 0.3%
CVE-2026-24900 | MEDIUM | MarkUs has a submission-view IDOR exposes all student submissions | EPSS 0.3%
CVE-2025-13479 | HIGH | IDOR in PosCube's QR Menu | EPSS 0.3%
CVE-2025-31147 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-9081 | LOW | IDOR in board file download allows any user to download any file by UUID | EPSS 0.3%
CVE-2025-31933 | MEDIUM | Growatt Cloud Applications Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-12524 | MEDIUM | Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change | EPSS 0.3%
CVE-2025-13748 | MEDIUM | Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id | EPSS 0.3%
CVE-2025-31357 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2022-48505 | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected part | EPSS 0.3%
CVE-2025-31950 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-24950 | HIGH | WordPress Authorsy plugin <= 1.0.6 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-27929 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-1206 | MEDIUM | Elementor Website Builder <= 3.35.7 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Elementor Template | EPSS 0.3%
CVE-2025-5195 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2025-27575 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-30257 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-44776 | MEDIUM | Kavita: IDOR in /api/Download/* | EPSS 0.3%
CVE-2026-10023 | MEDIUM | Dokan: AI Powered WooCommerce Multivendor Marketplace Solution <= 5.0.3 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Order Modification via Multiple AJAX Handlers | EPSS 0.3%
CVE-2025-27927 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%