Weaknesses of type CWE-639
1,593 results

CVE-2026-50141 (HIGH, EPSS 0.2%): Woodpecker gRPC agent_id metadata can be spoofed - cross-tenant agent impersonation
CVE-2026-44423 (MEDIUM, EPSS 0.2%): ShellHub: Cross-tenant IDOR in `GET /api/sessions/:uid` discloses SSH session data
CVE-2026-25567 (MEDIUM, EPSS 0.2%): WeKan < 8.19 Card Comment Author Spoofing via User-controlled authorId
CVE-2026-44424 (MEDIUM, EPSS 0.2%): ShellHub: Cross-tenant IDOR in `GET /api/devices/:uid` discloses device data of any namespace
CVE-2026-27838 (LOW, EPSS 0.2%): wger: IDOR via user-unscoped cache keys on routine API actions exposes workout data
CVE-2026-1219 (MEDIUM, EPSS 0.2%): MP3 Audio Player – Music Player, Podcast Player & Radio by Sonaar 4.0 - 5.10 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure
CVE-2026-10597 (MEDIUM, EPSS 0.2%): ITPison|OMICARD EDM - Insecure Direct Object Reference
CVE-2025-62252 (MEDIUM, EPSS 0.2%): Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay
CVE-2025-69727 (MEDIUM, EPSS 0.2%): An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and compose
CVE-2026-3173 (MEDIUM, EPSS 0.2%): Meta Field Block <= 1.5.1 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary User Meta Exposure
CVE-2026-32589 (HIGH, EPSS 0.2%): Mirror-registry: quay: insecure direct object reference in blobupload
CVE-2021-37577 (MEDIUM, EPSS 0.2%): Bluetooth LE and BR/EDR Secure Connections pairing and Secure Simple Pairing using the Passkey entry protocol in Bluetooth Core Specificatio
CVE-2025-65670 (MEDIUM, EPSS 0.2%): An Insecure Direct Object Reference (IDOR) in classroomio 0.1.13 allows students to access sensitive admin/teacher endpoints by manipulating
CVE-2026-6001 (HIGH, EPSS 0.2%): IDOR in Abis Technology's BAPSİS
CVE-2026-56048 (MEDIUM, EPSS 0.2%): WordPress Payment Gateway Based Fees and Discounts for WooCommerce plugin <= 3.0.0 - Insecure Direct Object References (IDOR) vulnerability
CVE-2025-31949 (MEDIUM, EPSS 0.2%): Growatt Cloud portal Authorization Bypass Through User-Controlled Key
CVE-2025-12427 (MEDIUM, EPSS 0.2%): YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Insecure Direct Object Reference to Unauthenticated Wishlist Rename
CVE-2025-12008 (HIGH, EPSS 0.2%): IDOR in APPYAP's Yaay Social Media App
CVE-2025-15370 (MEDIUM, EPSS 0.2%): Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator
CVE-2025-31654 (MEDIUM, EPSS 0.2%): Growatt Cloud portal Authorization Bypass Through User-Controlled Key