Weaknesses of type CWE-639

1,553 results
CVE | Severity | Title | EPSS
CVE-2025-68514 | MEDIUM | WordPress Paid Member Subscriptions plugin <= 2.16.8 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-22608 | MEDIUM | Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS) | EPSS 0.3%
CVE-2025-15582 | MEDIUM | detronetdip E-commerce Product Management Update authorization | EPSS 0.3%
CVE-2025-5182 | MEDIUM | Summer Pearl Group Vacation Rental Management Platform Listing authorization | EPSS 0.3%
CVE-2023-6223 | MEDIUM | LearnPress <= 4.2.5.7 - Insecure Direct Object Reference to Information Disclosure | EPSS 0.3%
CVE-2024-38446 | MEDIUM | NATO NCI ANET 3.4.1 mishandles report ownership. A user can create a report and, despite the restrictions imposed by the UI, change the auth | EPSS 0.3%
CVE-2026-45402 | HIGH | Open WebUI: Cross-User File Access via Unchecked file_id in Folder Knowledge and Knowledge-Base Attach Endpoints | EPSS 0.3%
CVE-2024-4873 | MEDIUM | Replace Image <= 1.1.10 - Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-41141 | MEDIUM | EspoCRM: IDOR in EmailTemplate Prepare Endpoint Leaks Entity Data via Email Address Lookup | EPSS 0.3%
CVE-2024-13558 | HIGH | NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure | EPSS 0.3%
CVE-2024-10366 | HIGH | IDOR in delete attachments in danny-avila/librechat | EPSS 0.3%
CVE-2026-9851 | HIGH | Booking Package <= 1.7.16 - Authenticated (Editor+) Privilege Escalation via Account Takeover to updateUser AJAX Action | EPSS 0.3%
CVE-2025-5681 | MEDIUM | IDOR in Turtek Software's Eyotek | EPSS 0.3%
CVE-2026-1375 | HIGH | Tutor LMS <= 3.9.5 - Insecure Direct Object Reference to Authenticated (Instructor+) Arbitrary Course Modification and Deletion | EPSS 0.3%
CVE-2025-10024 | HIGH | IDOR in EXERT Computer Technologies' Education Management System | EPSS 0.3%
CVE-2026-32103 | MEDIUM | StudioCMS: IDOR — Admin-to-Owner Account Takeover via Password Reset Link Generation | EPSS 0.3%
CVE-2024-5438 | MEDIUM | Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion | EPSS 0.3%
CVE-2025-15001 | CRITICAL | FS Registration Password <= 1.0.1 - Unauthenticated Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2023-27576 |  | An issue was discovered in phpList before 3.6.14. Due to an access error, it was possible to manipulate and edit data of the system's super | EPSS 0.3%
CVE-2026-40252 | MEDIUM | Broken Access Control (IDOR) Leading to Cross-Tenant Application Access in FastGPT | EPSS 0.3%