Weaknesses of type CWE-639
1,501 results

CVE-2023-6875 | CRITICAL | POST SMTP Mailer – Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress <= 2.8.7 - Authorization Bypass via type connect-app API | EPSS 90.3%
CVE-2024-46982 | HIGH | Cache Poisoning in next.js | EPSS 58.1%
CVE-2023-48783 | MEDIUM | An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and | EPSS 22.2%
CVE-2024-0264 | HIGH | SourceCodester Clinic Queuing System LoginRegistration.php authorization | EPSS 18.2%
CVE-2019-25487 | CRITICAL | SAPIDO RB-1732 V2.0.43 Remote Command Execution via formSysCmd | EPSS 8.4%
CVE-2022-40319 | HIGH | The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email addre | EPSS 7.2%
CVE-2025-3605 | CRITICAL | Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover | EPSS 6.4%
CVE-2026-33484 | HIGH | Langflow has Unauthenticated IDOR on Image Downloads | EPSS 5.8%
CVE-2025-5947 | CRITICAL | Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie | EPSS 5.7%
CVE-2026-7665 | MEDIUM | Essential Addons for Elementor <= 6.6.4 - Missing Authorization to Unauthenticated Information Exposure via 'load_more' AJAX Handler | EPSS 5.1%
CVE-2021-21012 | MEDIUM | Magento Commerce Insecure Direct Object Reference Vulnerability Could Lead To Sensitive Information Disclosure | EPSS 4.0%
CVE-2024-12483 | MEDIUM | Dromara UJCMS User ID id authorization | EPSS 3.4%
CVE-2022-31692 | CRITICAL | Spring Security, versions 5.7 prior to 5.7.5 and 5.6 prior to 5.6.9 could be susceptible to authorization rules bypass via forward or includ | EPSS 3.4%
CVE-2026-28788 | HIGH | Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite | EPSS 2.9%
CVE-2022-1996 | CRITICAL | Authorization Bypass Through User-Controlled Key in emicklei/go-restful | EPSS 2.7%
CVE-2024-50483 | CRITICAL | WordPress Meetup plugin <= 0.1 - Broken Authentication vulnerability | EPSS 2.4%
CVE-2022-0691 | MEDIUM | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse | EPSS 2.2%
CVE-2021-21022 | MEDIUM | Magento Commerce Incorrect permissions Could Lead To Unauthorized Access | EPSS 2.2%
CVE-2017-3183 | — | Sage XRT Treasury, version 3, fails to properly restrict database access to authorized users, which may enable any authenticated user to gain full access to privileged database functions | EPSS 2.1%
CVE-2012-5571 | MEDIUM | Openstack keystone: openstack keystone: authorization bypass via improper ec2 token handling | EPSS 2.0%