Weaknesses of type CWE-639
1,591 results

CVE-2025-43724 | MEDIUM | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privil | EPSS 0.1%
CVE-2026-12411 | HIGH | Broken Access Control in Canonical LXD DevLXD API | EPSS 0.1%
CVE-2026-0020 | HIGH | In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a per | EPSS 0.1%
CVE-2025-22422 | HIGH | In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be | EPSS 0.1%
CVE-2023-21131 | — | In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logi | EPSS 0.1%
CVE-2026-57680 | MEDIUM | WordPress Kirki plugin <= 6.0.11 - Insecure Direct Object References (IDOR) vulnerability | EPSS —
CVE-2026-58653 | MEDIUM | PraisonAI - Authorization Bypass via Unvalidated project_id in Issue Create/Update | EPSS —
CVE-2026-59098 | HIGH | LobeChat 2.2.9 - Cross-User Document Disclosure via Unscoped RAG Semantic Search | EPSS —
CVE-2026-59100 | LOW | LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations | EPSS —
CVE-2026-58580 | MEDIUM | LobeChat 2.2.9 - Broken Object-Level Authorization in Message Sub-Resource Writes | EPSS —
CVE-2026-9180 | MEDIUM | MotoPress Appointment Booking <= 2.4.4 - Unauthenticated Insecure Direct Object Reference to 'payment_details.booking_id' Parameter | EPSS —