Weaknesses of type CWE-639
1,590 results

CVE-2026-6062 | MEDIUM | IDOR in Jira plugin subscription edit endpoint | EPSS 0.2%
CVE-2026-24756 | MEDIUM | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2026-56823 | MEDIUM | AutoGPT: IDOR in Webhook Ping Endpoint Allows Enumeration and Cross-User Ping Triggering | EPSS 0.1%
CVE-2026-3473 | MEDIUM | Improper file ownership validation in the Boards API allows unauthorised file access | EPSS 0.1%
CVE-2025-12881 | MEDIUM | Return Refund and Exchange For WooCommerce <= 4.5.5 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Order Message Read | EPSS 0.1%
CVE-2026-47716 | LOW | Bugsink: Issue bulk actions can affect another project’s issue if its UUID is known | EPSS 0.1%
CVE-2023-32189 | MEDIUM | Insecure handling SSH key in SUSE Manager when bootstrapping new clients | EPSS 0.1%
CVE-2026-24761 | LOW | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key | EPSS 0.1%
CVE-2026-33141 | MEDIUM | Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data | EPSS 0.1%
CVE-2026-40865 | HIGH | Horilla: Insecure Direct Object Reference at `/employee/view-file/<int:id> | EPSS 0.1%
CVE-2026-49192 | MEDIUM | Summary Service Insecure Direct Object Reference | EPSS 0.1%
CVE-2026-24755 | MEDIUM | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key | EPSS 0.1%
CVE-2024-21981 | MEDIUM | Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution pri | EPSS 0.1%
CVE-2025-8887 | MEDIUM | IDOR in Usta Information Systems' Aybs Interaktif | EPSS 0.1%
CVE-2026-9248 | LOW | Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to c | EPSS 0.1%
CVE-2025-6942 | LOW | The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial author | EPSS 0.1%
CVE-2026-55411 | MEDIUM | ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization's data-source secrets | EPSS 0.1%
CVE-2024-13175 | MEDIUM | IDOR in Vidco Software's VOC TESTER | EPSS 0.1%
CVE-2025-66546 | LOW | Nextcloud Calendar app allowed booking appointments without the generated token | EPSS 0.1%
CVE-2025-8532 | MEDIUM | IDOR in Bimser's eBA Document and Workflow Management System | EPSS 0.1%