Weaknesses of type CWE-639

1,564 results
CVE-2025-58597 | MEDIUM | WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2026-24901 | HIGH | Outline's IDOR allows unauthorized viewing and seizing of private deleted drafts | EPSS 0.3%
CVE-2026-9087 | MEDIUM | Keycloak: cross-session email verification proof not bound to upstream identity in first-broker-login | EPSS 0.3%
CVE-2026-42947 | HIGH | Naxclow IoT Platform Authorization bypass through User-Controlled key | EPSS 0.3%
CVE-2024-42464 | HIGH | Leak of user information | EPSS 0.3%
CVE-2026-33304 | MEDIUM | OpenEMR has Authorization Bypass in Dated Reminders Log | EPSS 0.3%
CVE-2026-47266 | HIGH | Formie: Unauthenticated front-end submission editing can overwrite existing submissions | EPSS 0.3%
CVE-2026-6375 | HIGH | Authorization bypass through User-Controlled key in SpiceJet Online Booking System | EPSS 0.3%
CVE-2025-32373 | MEDIUM | DNN allows a registered user to enumerate and access files they should not have access to | EPSS 0.3%
CVE-2024-5942 | MEDIUM | Page and Post Clone <= 6.0 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure | EPSS 0.3%
CVE-2024-10787 | MEDIUM | LA-Studio Element Kit for Elementor <= 1.4.4 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-7848 | MEDIUM | User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access | EPSS 0.3%
CVE-2024-43288 | MEDIUM | WordPress wpForo Forum plugin <= 2.3.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-41358 | HIGH | Direct reference to insecure objects (IDOR) in CronosWeb from CronosWeb i2A | EPSS 0.3%
CVE-2024-8123 | MEDIUM | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-13490 | MEDIUM | glpi-project glpi Document document.send.php canViewFile authorization | EPSS 0.3%
CVE-2026-2104 | MEDIUM | Authorization Bypass Through User-Controlled Key in GitLab | EPSS 0.3%
CVE-2024-13601 | MEDIUM | Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-1987 | MEDIUM | Scheduler Widget <= 0.1.6 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary Event Modification | EPSS 0.3%
CVE-2018-25129 | HIGH | SOCA Access Control System 180612 Information Disclosure via Multiple Endpoints | EPSS 0.3%