Weaknesses of type CWE-639

1,593 results
CVE-2026-54010 | HIGH | Open WebUI: Forged chat-file link allows cross-user file read and deletion | EPSS 0.2%
CVE-2026-26004 | MEDIUM | Sentry allows unauthorized access to event data across organizational boundaries | EPSS 0.2%
CVE-2025-66513 | MEDIUM | Nextcloud Tables app share information not limited to relevant users | EPSS 0.2%
CVE-2025-64497 | MEDIUM | Tuleap exposes releases for all projects to File Release System project administrators | EPSS 0.2%
CVE-2025-40676 | MEDIUM | Multiple vulnerabilities in BBMRI-ERIC's Negotiator | EPSS 0.2%
CVE-2026-3020 | HIGH | Identity based authorization bypass vulnerability (IDOR) in the Wakyma application web | EPSS 0.2%
CVE-2026-44341 | MEDIUM | GoJobs: Insecure Direct Object Reference (IDOR) in Job Retrieval Endpoint | EPSS 0.2%
CVE-2025-69274 | LOW | Spectrum broken authorization scheme | EPSS 0.2%
CVE-2026-47378 | MEDIUM | NocoDB: Hidden Column Exposure in Public Shared View Endpoints | EPSS 0.2%
CVE-2026-50194 | HIGH | Steeltoe vulnerable to management-port isolation bypass via spoofed Host header | EPSS 0.2%
CVE-2026-8406 | HIGH | openSIS Classic 9.3 - Insecure Direct Object Reference in Sent Mail | EPSS 0.2%
CVE-2025-34438 | MEDIUM | AVideo < 20.1 IDOR Arbitrary Video Rotation | EPSS 0.2%
CVE-2025-66547 | MEDIUM | Nextcloud Server users can modify tags on files that do not belong to them | EPSS 0.2%
CVE-2025-27565 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2025-36023 | MEDIUM | IBM Cloud Pak for Business Automation security bypass | EPSS 0.2%
CVE-2026-33702 | HIGH | Chamilo LMS has an Insecure Direct Object Reference (IDOR) | EPSS 0.2%
CVE-2025-0642 | MEDIUM | Hard-coded Credentials in PosCube's Assist | EPSS 0.2%
CVE-2025-27561 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2025-8463 | MEDIUM | IDOR in SecHard Information Technologies' SecHard | EPSS 0.2%
CVE-2025-64011 | MEDIUM | Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user ca | EPSS 0.2%