Weaknesses of type CWE-639
1,593 results

CVE-2025-31933 | MEDIUM | Growatt Cloud Applications Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2022-48505 | — | This issue was addressed with improved data protection. This issue is fixed in macOS Ventura 13. An app may be able to modify protected part | EPSS 0.3%
CVE-2025-11895 | MEDIUM | Binary MLM Plan <= 5.0 - Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.2%
CVE-2026-40570 | MEDIUM | FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII | EPSS 0.2%
CVE-2026-42463 | HIGH | SQLBot: Unauthorized Access Vulnerability | EPSS 0.2%
CVE-2025-62241 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability with shipment addresses in Liferay DXP 2023.Q4.1 through 2023.Q4.5 allows remote authe | EPSS 0.2%
CVE-2026-40792 | MEDIUM | WordPress KiviCare plugin <= 4.2.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-49386 | MEDIUM | In JetBrains YouTrack before 2026.1.13570 improper access control allowed enumeration of restricted issues and articles on Planning Canvas | EPSS 0.2%
CVE-2026-5199 | LOW | Cross Namespace Access via Batch Operation | EPSS 0.2%
CVE-2025-13389 | MEDIUM | Admin and Customer Messages After Order for WooCommerce: OrderConvo <= 14 - Missing Authorization to Unauthenticated Information Disclosure | EPSS 0.2%
CVE-2026-7787 | HIGH | Unauthenticated Session History Access via Public Flow Execution | EPSS 0.2%
CVE-2024-8988 | MEDIUM | PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download | EPSS 0.2%
CVE-2024-12306 | MEDIUM | Access Control Vulnerabilities Allow Unauthorized Access to User Profiles in Unifiedtransform | EPSS 0.2%
CVE-2026-5138 | MEDIUM | Foreman: foreman: information disclosure via improper validation of nested request parameters | EPSS 0.2%
CVE-2025-66132 | MEDIUM | WordPress FAPI Member plugin <= 2.2.30 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-68979 | MEDIUM | WordPress Google Calendar Events plugin <= 3.5.9 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-53903 | MEDIUM | Insecure Direct Object Reference in MCO | EPSS 0.2%
CVE-2025-64283 | MEDIUM | WordPress RTMKit plugin <= 1.6.7 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2024-12305 | MEDIUM | Object-Level Access Control Vulnerability Allows Unauthorized Access to Student Grades in Unifiedtransform | EPSS 0.2%
CVE-2026-44424 | MEDIUM | ShellHub: Cross-tenant IDOR in `GET /api/devices/:uid` discloses device data of any namespace | EPSS 0.2%