Weaknesses of type CWE-639
1,590 results

CVE-2026-30884 | CRITICAL | mdjnelson/moodle-mod_customcert Vulnerable to Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2026-20219 | MEDIUM | A vulnerability in the REST API of Cisco Slido could have allowed an authenticated, remote attacker to access the social profile data of oth | EPSS 0.2%
CVE-2026-27898 | MEDIUM | Vaultwarden: Unauthorized Access via Partial Update API on Another User’s Cipher | EPSS 0.2%
CVE-2026-43883 | MEDIUM | WWBN AVideo: IDOR in PayPalYPT agreementCancel.json.php Allows Any Authenticated User to Cancel Arbitrary PayPal Subscription Agreements | EPSS 0.2%
CVE-2021-4142 | — | The Candlepin component of Red Hat Satellite was affected by an improper authentication flaw. Few factors could allow an attacker to use the | EPSS 0.2%
CVE-2026-9799 | MEDIUM | Keycloak: keycloak: unauthorized access to resources via uma permission ticket bypass | EPSS 0.2%
CVE-2026-35165 | MEDIUM | LORIS has incorrect access checks in document_repository | EPSS 0.2%
CVE-2025-14594 | LOW | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2025-12086 | MEDIUM | Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Refund Request Cancellation | EPSS 0.2%
CVE-2026-27881 | MEDIUM | Coolify: Cross-team deployment information disclosure via GET /api/v1/deployments/{uuid} (IDOR) | EPSS 0.2%
CVE-2026-2461 | MEDIUM | Missing authorization check allows unauthorized modification of other users' comments on a board | EPSS 0.2%
CVE-2024-5166 | MEDIUM | Insecure Direct Object Reference In Looker | EPSS 0.2%
CVE-2026-28361 | MEDIUM | NocoDB: Missing Ownership Validation in MCP Token Operations | EPSS 0.2%
CVE-2026-6976 | LOW | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.2%
CVE-2025-12071 | MEDIUM | Frontend User Notes <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Note Modification | EPSS 0.2%
CVE-2025-8884 | MEDIUM | IDOR in VHS Electronic Software's ACE Center | EPSS 0.2%
CVE-2025-12997 | LOW | Insecure Direct Object Reference vulnerability in Medtronic CareLink Network which allows an authenticated attacker with access to specific | EPSS 0.2%
CVE-2026-32535 | MEDIUM | WordPress JS Help Desk plugin <= 3.0.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-11690 | HIGH | IDOR vulnerability in the CFMOTO RIDE API | EPSS 0.2%
CVE-2026-47715 | LOW | Bugsink: Issue event views can show an event from another project if its UUID is known | EPSS 0.2%