Weaknesses of type CWE-639
1,559 results

CVE-2025-14356 | MEDIUM | Ultra Addons for Contact Form 7 <= 3.5.33 - Missing Authorization to Authenticated (Subscriber+) to Generate Form Submission PDF | EPSS 0.3%
CVE-2023-45808 | MEDIUM | iTop missing silo check on extkey in console and portal | EPSS 0.3%
CVE-2025-70063 | MEDIUM | The 'Medical History' module in PHPGurukul Hospital Management System v4.0 contains an Insecure Direct Object Reference (IDOR) vulnerability | EPSS 0.3%
CVE-2025-25952 | MEDIUM | An Insecure Direct Object References (IDOR) in the component /getStudemtAllDetailsById?studentId=XX of Serosoft Solutions Pvt Ltd Academia S | EPSS 0.3%
CVE-2026-40480 | HIGH | ChurchCRM has Missing Object-Level Authorization / IDOR in `/api/person/{personId}` | EPSS 0.3%
CVE-2025-65021 | CRITICAL | Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR) | EPSS 0.3%
CVE-2025-52448 | HIGH | Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (validate-initial-sql api modu | EPSS 0.3%
CVE-2025-59562 | MEDIUM | WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2025-8855 | HIGH | 2FA Expiry Bypass in Optimus Software's Brokerage Automation | EPSS 0.3%
CVE-2026-41267 | HIGH | Flowise: Improper Mass Assignment in Account Registration Enables Unauthorized Organization Association | EPSS 0.3%
CVE-2026-41950 | MEDIUM | Dify < 1.14.0 Authorization Bypass via File UUID | EPSS 0.3%
CVE-2024-47316 | MEDIUM | WordPress Salon Booking Wordpress Plugin plugin <= 10.9 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-58137 | HIGH | Apache Fineract: IDOR via self-service API | EPSS 0.3%
CVE-2026-41277 | HIGH | Flowise: Mass Assignment in DocumentStore Create Endpoint Leads to Cross-Workspace Object Takeover (IDOR) | EPSS 0.3%
CVE-2023-30960 | MEDIUM | Insecure Direct Object Reference (IDOR) in Foundry job-tracker | EPSS 0.3%
CVE-2025-1270 | CRITICAL | Insecure direct object reference (IDOR) vulnerability in H6Web | EPSS 0.3%
CVE-2025-31867 | MEDIUM | WordPress JS Job Manager Plugin <= 2.0.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2022-46179 | CRITICAL | LiuOS vulnerable to Authorization Bypass through User-Controlled Key | EPSS 0.3%
CVE-2026-45398 | HIGH | Open WebUI: IDOR - Retrieval API Bypasses Knowledge Base Access Controls | EPSS 0.3%
CVE-2024-51559 | HIGH | Improper Access Control Vulnerability in Wave 2.0 | EPSS 0.3%