Weaknesses of type CWE-639
1,597 results

CVE-2026-39354 | MEDIUM | Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask | EPSS 0.2%
CVE-2026-33740 | MEDIUM | EspoCRM: Email importEml can import and delete another user's attachment by raw fileId | EPSS 0.2%
CVE-2026-8204 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to Authorization Bypass in the Calendar Event Frontend Dialog | EPSS 0.2%
CVE-2026-40591 | HIGH | FreeScout: Improper Authorization in Phone Conversation Creation Enables Cross-Mailbox Hidden Customer Modification | EPSS 0.2%
CVE-2026-10780 | MEDIUM | Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute | EPSS 0.2%
CVE-2026-10212 | MEDIUM | AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization | EPSS 0.2%
CVE-2026-57943 | MEDIUM | LibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared Endpoint | EPSS 0.2%
CVE-2025-9062 | HIGH | IDOR in MeCODE Informatics' Envanty | EPSS 0.2%
CVE-2025-12351 | MEDIUM | Inadequate access control measure allows unauthorized users to access restricted administrative functions | EPSS 0.2%
CVE-2026-4400 | HIGH | Multiple vulnerabilities in 1millionbot Millie chatbot | EPSS 0.2%
CVE-2023-4587 | HIGH | Insecure direct object reference in ZKTeco ZEM800 | EPSS 0.2%
CVE-2025-7900 | MEDIUM | Insecure Direct Object Reference in extension "femanager" (femanager) | EPSS 0.2%
CVE-2026-2698 | MEDIUM | Improper Access Control | EPSS 0.2%
CVE-2026-12411 | HIGH | Broken Access Control in Canonical LXD DevLXD API | EPSS 0.2%
CVE-2026-47388 | LOW | NocoDB: Missing Ownership Check in MCP Attachment Read | EPSS 0.2%
CVE-2026-33736 | MEDIUM | Chamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data Exposure | EPSS 0.2%
CVE-2025-13124 | HIGH | IDOR in Netiket's ApplyLogic | EPSS 0.2%
CVE-2024-47495 | HIGH | Junos OS Evolved: In a dual-RE scenario a locally authenticated attacker with shell privileges can take over the device. | EPSS 0.2%
CVE-2026-39374 | MEDIUM | Plane IDOR: Cross-Project Issue Date Modification via Bulk Update Endpoint | EPSS 0.2%
CVE-2025-64706 | MEDIUM | Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure | EPSS 0.2%