Weaknesses of type CWE-639
1,552 resultsCVE-2025-0337HIGHAuthorization bypass in Now PlatformEPSS 0.4%CVE-2023-41796MEDIUMWordPress Sunshine Photo Cart Plugin < 3.0.0 is vulnerable to Insecure Direct Object References (IDOR)EPSS 0.4%CVE-2024-12335MEDIUMAvada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post DisclosureEPSS 0.4%CVE-2026-27449HIGHUmbraco.Engage.Forms Allows Unauthorized Access to Multiple API EndpointsEPSS 0.4%CVE-2025-10910CRITICALGaining remote control over Govee devicesEPSS 0.4%CVE-2025-13768HIGHUniong|WebITR - Authorization BypassEPSS 0.4%CVE-2024-45606HIGHImproper authorization on muting of alert rules in sentryEPSS 0.4%CVE-2026-3371MEDIUMTutor LMS <= 3.9.7 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Course Content ModificationEPSS 0.4%CVE-2024-7041MEDIUMIDOR in open-webui/open-webuiEPSS 0.4%CVE-2024-32604MEDIUMWordPress WP-Recall plugin <= 16.26.5 - Insecure Direct Object References (IDOR) vulnerabilityEPSS 0.4%CVE-2024-3306HIGHIDOR in Utarit Information's SoliClubEPSS 0.4%CVE-2025-3625HIGHMoodle: user dos and name disclosure via idor in moodle mfa email factor revoke actionEPSS 0.4%CVE-2026-56222HIGHCapgo - Cross-Organization App Takeover via Mismatched org_id and app_id in /private/role_bindingsEPSS 0.4%CVE-2026-33160LOWCraft CMS: Anonymous "generate transform" calls for assets can expose private assets via transform URLEPSS 0.4%CVE-2024-3035MEDIUMAuthorization Bypass Through User-Controlled Key in GitLabEPSS 0.4%CVE-2024-10670MEDIUMPrimary Addon for Elementor <= 1.6.2 - Authenticated (Contributor+) Post DisclosureEPSS 0.4%CVE-2023-38050CRITICALA BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} in EasyAppointments < 1.5.0EPSS 0.4%CVE-2025-15521CRITICALAcademy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account TakeoverEPSS 0.4%CVE-2025-13822MEDIUMAuthentication bypass in MCPHubEPSS 0.4%CVE-2024-36399HIGHKanboard affected by Project Takeover via IDOR in ProjectPermissionControllerEPSS 0.4%