Weaknesses of type CWE-639
1,549 results

| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2023-3869 | MEDIUM | wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase/Decrease | 0.4% |
| CVE-2023-38052 | CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} in EasyAppointments < 1.5.0 | 0.4% |
| CVE-2023-38048 | CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} in EasyAppointments < 1.5.0 | 0.4% |
| CVE-2023-38054 | CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0 | 0.4% |
| CVE-2026-23478 | CRITICAL | Cal.com has an Authentication Bypass via Unvalidated Email in Custom JWT Callback | 0.4% |
| CVE-2023-38051 | CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.0 | 0.4% |
| CVE-2023-49765 | MEDIUM | WordPress Rate my Post – WP Rating System Plugin <= 3.4.1 is vulnerable to Insecure Direct Object References (IDOR) | 0.4% |
| CVE-2023-38053 | CRITICAL | A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} in EasyAppointments < 1.5.0 | 0.4% |
| CVE-2025-55370 | HIGH | Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the | 0.4% |
| CVE-2026-5617 | HIGH | Login as User <= 1.0.3 - Authenticated (Subscriber+) Privilege Escalation via 'oclaup_original_admin' Cookie | 0.4% |
| CVE-2025-27568 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | 0.4% |
| CVE-2025-30254 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | 0.4% |
| CVE-2023-4101 | HIGH | Multiple vulnerabilities in IDM Sistemas QSige | 0.4% |
| CVE-2026-37978 | MEDIUM | Keycloak: org.keycloak.services: keycloak: information disclosure via evaluate-scopes admin api | 0.4% |
| CVE-2025-30514 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | 0.4% |
| CVE-2025-24487 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | 0.4% |
| CVE-2025-27938 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | 0.4% |
| CVE-2024-2261 | MEDIUM | Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure | 0.4% |
| CVE-2025-70833 | CRITICAL | An Authentication Bypass vulnerability in Smanga 3.2.7 allows an unauthenticated attacker to reset the password of any user (including the a | 0.4% |
| CVE-2025-5948 | CRITICAL | Service Finder Bookings <= 6.0 - Unauthenticated Privilege Escalation via claim_business | 0.4% |