Weaknesses of type CWE-639

1,528 results
CVE | Severity | Title | EPSS
CVE-2023-6144 | CRITICAL | Dev Blog v1.0 - ATO | 0.4%
CVE-2024-32808 | MEDIUM | WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability | 0.4%
CVE-2026-28696 | HIGH | Craft affected by IDOR via GraphQL @parseRefs | 0.4%
CVE-2022-31683 | MEDIUM | Concourse (7.x.y prior to 7.8.3 and 6.x.y prior to 6.7.9) contains an authorization bypass issue. A Concourse user can send a request with b | 0.4%
CVE-2025-69394 | HIGH | WordPress Cnvrse plugin < 026.02.10.20 - Insecure Direct Object References (IDOR) vulnerability | 0.4%
CVE-2024-33668 | CRITICAL | An issue was discovered in Zammad before 6.3.0. The Zammad Upload Cache uses insecure, partially guessable FormIDs to identify content. An a | 0.4%
CVE-2026-25757 | HIGH | Unauthenticated Spree Commerce users can view completed guest orders by Order ID | 0.4%
CVE-2025-31360 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | 0.4%
CVE-2026-5652 | CRITICAL | Authorization Bypass Through User-Controlled Key in Crafty Controller | 0.4%
CVE-2024-6087 | MEDIUM | Improper Access Control in lunary-ai/lunary | 0.4%
CVE-2026-3185 | MEDIUM | feiyuchuixue sz-boot-parent API Endpoint sys-message authorization | 0.4%
CVE-2026-39386 | HIGH | Neko has Self-service Privilege Escalation for Authenticated Users | 0.4%
CVE-2025-51869 | HIGH | Insecure Direct Object Reference (IDOR) vulnerability in Liner thru 2025-06-03 allows attackers to gain sensitive information via crafted sp | 0.4%
CVE-2024-30507 | LOW | WordPress Molongui Authorship plugin <= 4.7.7 - Insecure Direct Object References (IDOR) vulnerability | 0.4%
CVE-2025-51868 | HIGH | Insecure Direct Object Reference (IDOR) vulnerability in Dippy (chat.dippy.ai) v2 allows attackers to gain sensitive information via the con | 0.4%
CVE-2024-1625 | HIGH | IDOR Vulnerability in lunary-ai/lunary | 0.4%
CVE-2024-31095 | MEDIUM | WordPress Thumbs Rating plugin <= 5.1.0 - Insecure Direct Object References (IDOR) vulnerability | 0.4%
CVE-2025-12283 | MEDIUM | code-projects Client Details System authorization | 0.4%
CVE-2026-41949 | HIGH | Dify < 1.14.2 Authorization Bypass via File Preview Endpoint | 0.4%
CVE-2023-3287 | CRITICAL | A BOLA vulnerability in POST /admins in EasyAppointments < 1.5.0 | 0.4%