Weaknesses of type CWE-639

1,597 results
CVE-2026-1291 | MEDIUM | Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation | EPSS 0.2%
CVE-2025-66556 | LOW | Nextcloud talk allows participants to blindly delete poll drafts of other users by ID | EPSS 0.2%
CVE-2026-40590 | MEDIUM | FreeScout's Customer AJAX Create Modifies Hidden Existing Customer | EPSS 0.2%
CVE-2025-66551 | MEDIUM | Nextcloud Tables is missing an ownership check which allows moving columns into tables of other users | EPSS 0.2%
CVE-2026-49355 | MEDIUM | OpenProject: Private work package data disclosure through single meeting agenda item API | EPSS 0.2%
CVE-2026-39331 | HIGH | ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families | EPSS 0.2%
CVE-2026-33764 | MEDIUM | AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions | EPSS 0.2%
CVE-2026-27883 | MEDIUM | Coolify: IDOR in Deployment API - Cross-Team Deployment Information Disclosure | EPSS 0.2%
CVE-2025-12366 | MEDIUM | Page Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object Reference | EPSS 0.2%
CVE-2026-9241 | MEDIUM | FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter | EPSS 0.2%
CVE-2026-27705 | MEDIUM | Plane Vulnerable to Cross-Workspace/Cross-Project Asset Modification via IDOR in ProjectAssetEndpoint.patch | EPSS 0.2%
CVE-2025-11518 | MEDIUM | WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation | EPSS 0.2%
CVE-2025-65020 | MEDIUM | Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR) | EPSS 0.2%
CVE-2026-39616 | MEDIUM | WordPress Download Attachments plugin <= 1.4.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-1704 | MEDIUM | Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure | EPSS 0.2%
CVE-2026-40737 | MEDIUM | WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-1436 | HIGH | Improper Access Control (IDOR) vulnerability in Graylog Web Interface | EPSS 0.2%
CVE-2026-5337 | MEDIUM | Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary Download Access via IDOR | EPSS 0.2%
CVE-2026-8204 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to Authorization Bypass in the Calendar Event Frontend Dialog | EPSS 0.2%
CVE-2026-7782 | MEDIUM | CodeCanyon Perfex CRM Tenant Clients.php project authorization | EPSS 0.2%