Weaknesses of type CWE-639

1,597 results
CVE-2026-57630 | MEDIUM | WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-66123 | MEDIUM | WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-15657 | MEDIUM | WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-34370 | MEDIUM | Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes | EPSS 0.2%
CVE-2026-54360 | HIGH | MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups | EPSS 0.2%
CVE-2026-3568 | MEDIUM | MStore API <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update | EPSS 0.2%
CVE-2025-14882 | LOW | Insecure direct object reference | EPSS 0.2%
CVE-2026-44678 | HIGH | Tuist: IDOR in preview deletion API allows cross-tenant deletion of any preview by UUID | EPSS 0.2%
CVE-2026-42515 | HIGH | Insecure Direct Object Reference (IDOR) Vulnerability in e-Sushrut HMIS | EPSS 0.2%
CVE-2026-54016 | MEDIUM | Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration | EPSS 0.2%
CVE-2026-34985 | MEDIUM | LORIS has incorrect access checks in media module | EPSS 0.2%
CVE-2026-42516 | HIGH | Broken Access Control Vulnerability in e-Sushrut HMIS | EPSS 0.2%
CVE-2026-42517 | HIGH | Cryptographic Failure Vulnerability in e-Sushrut HMIS | EPSS 0.2%
CVE-2025-14881 | LOW | Insecure direct object reference | EPSS 0.2%
CVE-2025-66558 | LOW | Nextcloud Twofactor WebAuthn app was updated based on public key | EPSS 0.2%
CVE-2026-11461 | MEDIUM | NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization | EPSS 0.2%
CVE-2026-43917 | MEDIUM | Dokploy: Cross-Organization IDOR - Multiple tRPC endpoints missing activeOrganizationId validation | EPSS 0.2%
CVE-2026-58447 | HIGH | Invidious - Cross-User Playlist Video Deletion via Missing Ownership Check | EPSS 0.2%
CVE-2026-30825 | NONE | hoppscotch: IDOR - Any authenticated user can revoke any other user's Personal Access Token | EPSS 0.2%
CVE-2026-54009 | MEDIUM | Open WebUI: Cross-user file disclosure via /api/chat/completions image_url field | EPSS 0.2%