Weaknesses of type CWE-639

1,550 results
CVE-2026-5167 | MEDIUM | Masteriyo LMS <= 2.1.7 - Unauthenticated Authorization Bypass to Arbitrary Order Completion via Stripe Webhook Endpoint | EPSS 0.4%
CVE-2023-6897 | MEDIUM | EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode | EPSS 0.4%
CVE-2026-42278 | HIGH | UltraDAG: Smart Account Spending Policy Bypass via Pockets | EPSS 0.4%
CVE-2023-3700 | MEDIUM | Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments | EPSS 0.4%
CVE-2025-58627 | CRITICAL | WordPress Miraculous Core Plugin plugin < 2.0.9 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2023-38047 | HIGH | A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} in EasyAppointments < 1.5.0. | EPSS 0.4%
CVE-2023-2544 | MEDIUM | Authorization Bypass on UPV PEIX | EPSS 0.4%
CVE-2024-6685 | LOW | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.4%
CVE-2024-38701 | MEDIUM | WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability | EPSS 0.4%
CVE-2026-22588 | MEDIUM | Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification | EPSS 0.4%
CVE-2024-13428 | MEDIUM | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Company Logo Deletion | EPSS 0.4%
CVE-2026-30959 | MEDIUM | OneUptime has WhatsApp Resend Verification Authorization Bypass | EPSS 0.4%
CVE-2025-5518 | MEDIUM | IDOR in ArgusTech's BILGER | EPSS 0.4%
CVE-2025-9114 | CRITICAL | Doccure <= 1.5.0 - Unauthenticated Arbitrary User Password Change | EPSS 0.4%
CVE-2025-11517 | HIGH | Event Tickets and Registration <= 5.26.5 - Unauthenticated Ticket Payment Bypass | EPSS 0.4%
CVE-2024-42463 | HIGH | Leak of organizations messages | EPSS 0.4%
CVE-2025-51865 | HIGH | Ai2 playground web service (playground.allenai.org) LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR), al | EPSS 0.4%
CVE-2023-41368 | LOW | Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps) | EPSS 0.4%
CVE-2024-43322 | MEDIUM | WordPress Zephyr Project Manager plugin <= 3.3.100 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.4%
CVE-2026-2729 | MEDIUM | Forminator – Contact Form, Payment Form & Custom Form Builder <= 1.52.0 - Missing Authorization to Unauthenticated Stripe PaymentIntent Reuse / Underpayment Bypass via 'paymentid' Parameter | EPSS 0.4%