Weaknesses of type CWE-639

1,560 results
CVE-2025-24976 | MEDIUM | Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT | EPSS 0.3%
CVE-2026-25005 | MEDIUM | WordPress Frontend File Manager plugin <= 23.5 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-45760 | HIGH | Apache Camel K: Camel K Cross-Namespace Build Deputy Attack | EPSS 0.3%
CVE-2025-7355 | MEDIUM | IDOR in Beefull Energy Technologies' Beefull App | EPSS 0.3%
CVE-2025-0058 | MEDIUM | Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow | EPSS 0.3%
CVE-2026-22235 | HIGH | OPEXUS eComplaint IDOR | EPSS 0.3%
CVE-2025-3091 | HIGH | MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24 | EPSS 0.3%
CVE-2024-55231 | MEDIUM | An IDOR vulnerability in the edit-notes.php module of PHPGurukul Online Notes Sharing Management System v1.0 allows unauthorized users to mo | EPSS 0.3%
CVE-2023-38513 | MEDIUM | WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.3%
CVE-2025-65887 | MEDIUM | A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) | EPSS 0.3%
CVE-2023-53930 | HIGH | ProjectSend r1605 Insecure Direct Object Reference File Download Vulnerability | EPSS 0.3%
CVE-2025-41098 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.3%
CVE-2025-13842 | MEDIUM | Breadcrumb NavXT <= 7.5.0 - Missing Authorization to Sensitive Information Exposure | EPSS 0.3%
CVE-2023-4099 | HIGH | Multiple vulnerabilities in IDM Sistemas QSige | EPSS 0.3%
CVE-2025-7013 | MEDIUM | IDOR in QRMenumPro's Menu Panel | EPSS 0.3%
CVE-2025-66954 | MEDIUM | A vulnerability exists in the Buffalo Link Station version 1.85-0.01 that allows unauthenticated or guest-level users to enumerate valid use | EPSS 0.3%
CVE-2024-11275 | MEDIUM | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion | EPSS 0.3%
CVE-2026-3306 | MEDIUM | Improper authorization in GitHub Projects allows modification of issue and pull request metadata without repository write access | EPSS 0.3%
CVE-2025-61779 | HIGH | Trustee's attestation-policy endpoint is not protected by admin authentication | EPSS 0.3%
CVE-2024-43916 | MEDIUM | WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%