Weaknesses of type CWE-639

1,593 results
CVE-2026-28782 [MEDIUM] Craft has a Permission Bypass and IDOR in Duplicate Entry Action (EPSS 0.2%)
CVE-2026-8611 [MEDIUM] Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter (EPSS 0.2%)
CVE-2025-41097 [HIGH] Insecure Direct Object Reference in GPS BOLD Workplanner (EPSS 0.2%)
CVE-2025-41092 [HIGH] Insecure Direct Object Reference in GPS BOLD Workplanner (EPSS 0.2%)
CVE-2026-5395 [HIGH] Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter (EPSS 0.2%)
CVE-2026-24379 [MEDIUM] WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2025-43782 [MEDIUM] Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7 (EPSS 0.2%)
CVE-2026-55255 [CRITICAL] Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow (EPSS 0.2%)
CVE-2025-66286 [MEDIUM] Webkitgtk: authorization bypass through webpage::send-request signal handler (EPSS 0.2%)
CVE-2026-1883 [MEDIUM] Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion (EPSS 0.2%)
CVE-2025-3282 [MEDIUM] User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification (EPSS 0.2%)
CVE-2025-1284 [MEDIUM] Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure (EPSS 0.2%)
CVE-2026-40600 [HIGH] Chartbrew: Incorrect Access Control in project share policy routes via unbound policy_id (EPSS 0.2%)
CVE-2025-60511 [MEDIUM] Moodle OpenAI Chat Block plugin 3.0.1 (2025021700) suffers from an Insecure Direct Object Reference (IDOR) vulnerability due to insufficient (EPSS 0.2%)
CVE-2023-32352 A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monter (EPSS 0.2%)
CVE-2026-38568 [HIGH] HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/<id> (EPSS 0.2%)
CVE-2025-43732 [MEDIUM] Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3 (EPSS 0.2%)
CVE-2026-56781 [MEDIUM] Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override (EPSS 0.2%)
CVE-2025-66553 [MEDIUM] Nextcloud Tables app allowed users to view columns metadata information of any table (EPSS 0.2%)
CVE-2026-27793 [MEDIUM] Seerr has Broken Object-Level Authorization in User Profile Endpoint that Exposes Third-Party Notification Credentials (EPSS 0.2%)