Weaknesses of type CWE-639

1,565 results
CVE-2023-32669 | MEDIUM | Authorization Bypass on BuddyBoss | EPSS 0.3%
CVE-2025-49995 | MEDIUM | WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-61148 | MEDIUM | An Insecure Direct Object Reference (IDOR) vulnerability in the EduplusCampus 3.0.1 Student Payment API allows authenticated users to access | EPSS 0.3%
CVE-2024-4154 | HIGH | Incorrect Synchronization in lunary-ai/lunary | EPSS 0.3%
CVE-2024-45232 | HIGH | An issue was discovered in powermail extension through 12.3.5 for TYPO3. It fails to validate the mail parameter of the confirmationAction, | EPSS 0.3%
CVE-2026-29200 | CRITICAL | A critical IDOR vulnerability has been discovered in Comet Backup affecting all versions from 20.11.0 to 26.1.1 and 26.2.1. The vulnerabilit | EPSS 0.3%
CVE-2025-9902 | HIGH | IDOR in Akınsoft QRMenu | EPSS 0.3%
CVE-2026-1619 | HIGH | IDOR in Universal Sotware's FlexCity/Kiosk | EPSS 0.3%
CVE-2026-25197 | CRITICAL | Gardyn Cloud API Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2024-10797 | MEDIUM | Full Screen Menu for Elementor <= 1.0.7 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-33759 | MEDIUM | AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents | EPSS 0.3%
CVE-2025-47555 | LOW | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2023-3290 | MEDIUM | A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0 | EPSS 0.3%
CVE-2026-42205 | HIGH | Avo: Broken Access Control: Unauthorized Execution of Arbitrary Action Classes Across Resources | EPSS 0.3%
CVE-2025-14802 | MEDIUM | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | EPSS 0.3%
CVE-2026-24134 | MEDIUM | StudioCMS has an Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2024-12447 | MEDIUM | Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode | EPSS 0.3%
CVE-2025-24850 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-44570 | HIGH | Open WebUI: Inconsistent authorization controls within memories API | EPSS 0.3%
CVE-2025-41099 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.3%