Weaknesses of type CWE-639

1,593 results
CVE-2025-8463 | MEDIUM | IDOR in SecHard Information Technologies' SecHard | EPSS 0.2%
CVE-2026-52812 | HIGH | Gogs: LFS dedupe path leaks private repo content across tenants | EPSS 0.2%
CVE-2026-40589 | HIGH | FreeScout has Customer Edit Cross-Mailbox Email Takeover | EPSS 0.2%
CVE-2025-68502 | MEDIUM | WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-55611 | NONE | AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership scoping (cross-tenant IDOR deletion) | EPSS 0.2%
CVE-2025-63513 | MEDIUM | kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functi | EPSS 0.2%
CVE-2026-33934 | MEDIUM | OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff Signatures | EPSS 0.2%
CVE-2024-29024 | MEDIUM | JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality | EPSS 0.2%
CVE-2026-25530 | MEDIUM | Kanboard is missing authorization check in getSwimlane API allows cross-project data access | EPSS 0.2%
CVE-2025-59034 | MEDIUM | Indico may disclose unauthorized user details access via legacy API | EPSS 0.2%
CVE-2026-7145 | MEDIUM | mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization | EPSS 0.2%
CVE-2026-39384 | HIGH | FreeScout Customer Merge Cross-Mailbox Authorization Bypass | EPSS 0.2%
CVE-2026-56013 | MEDIUM | WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-3519 | HIGH | Replace uploaded files knowing the file upload ID | EPSS 0.2%
CVE-2026-5395 | HIGH | Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter | EPSS 0.2%
CVE-2026-24379 | MEDIUM | WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-8611 | MEDIUM | Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter | EPSS 0.2%
CVE-2025-41095 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-41094 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-41097 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%