Weaknesses of type CWE-639

1,593 results
CVE-2026-45349 | HIGH | Open WebUI: Broken Access Control for Completions API | EPSS 0.2%
CVE-2026-5845 | HIGH | Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server | EPSS 0.2%
CVE-2026-52699 | HIGH | WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-1080 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2026-45551 | MEDIUM | Group-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User Setting Write | EPSS 0.2%
CVE-2026-22400 | MEDIUM | WordPress Holmes theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-13157 | MEDIUM | QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update | EPSS 0.2%
CVE-2025-52446 | HIGH | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows I | EPSS 0.2%
CVE-2025-68044 | HIGH | WordPress Five Star Restaurant Reservations plugin <= 2.7.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-39526 | MEDIUM | WordPress WpStream plugin < 4.11.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-22426 | MEDIUM | WordPress Sweet Jane theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-24969 | MEDIUM | iTop portal user can see any other contact's picture | EPSS 0.2%
CVE-2026-22391 | MEDIUM | WordPress Cocco theme <= 1.5.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-22430 | MEDIUM | WordPress Verdure theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-22396 | MEDIUM | WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-22393 | MEDIUM | WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-22398 | MEDIUM | WordPress Fleur theme <= 2.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-9136 | HIGH | Unauthorized ShadowAttribute modification in MISP via client-supplied identifier | EPSS 0.2%
CVE-2025-66123 | MEDIUM | WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-2257 | MEDIUM | GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API | EPSS 0.2%