Weaknesses of type CWE-639
1,566 results

CVE-2024-10688 | MEDIUM | Attesa Extra <= 1.4.2 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-21759 | LOW | An authorization bypass through user-controlled key in Fortinet FortiPortal version 7.2.0, and versions 7.0.0 through 7.0.6 allows attacker | EPSS 0.3%
CVE-2026-53673 | HIGH | BuddyPress 14.4.0 Private Message IDOR via REST API user_id Parameter | EPSS 0.3%
CVE-2025-41099 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.3%
CVE-2025-51533 | MEDIUM | An Insecure Direct Object Reference (IDOR) in Sage DPW v2024_12_004 and below allows unauthorized attackers to access internal forms via sen | EPSS 0.3%
CVE-2026-44570 | HIGH | Open WebUI: Inconsistent authorization controls within memories API | EPSS 0.3%
CVE-2026-8027 | MEDIUM | FlowiseAI Flowise User Controller authorization | EPSS 0.3%
CVE-2025-6038 | HIGH | Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation | EPSS 0.3%
CVE-2026-13549 | MEDIUM | CodeAstro Complaint Management System Report Endpoint Report.php deletereport authorization | EPSS 0.3%
CVE-2026-41649 | HIGH | Outline has IDOR in document share creation that allows unauthorized access to private documents across workspaces | EPSS 0.3%
CVE-2025-14772 | HIGH | Broken Access Control in ABB T-MAC Plus web application | EPSS 0.3%
CVE-2025-46387 | HIGH | CWE-639 Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2024-43239 | MEDIUM | WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability | EPSS 0.3%
CVE-2025-46386 | HIGH | CWE-639 Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-20114 | MEDIUM | Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability | EPSS 0.3%
CVE-2026-45830 | HIGH | A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily r | EPSS 0.3%
CVE-2024-11915 | MEDIUM | RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2024-29020 | MEDIUM | JumpServer allows an authorized attacker to get sensitive information in playbook files when playbook_id is leaked | EPSS 0.3%
CVE-2026-12204 | MEDIUM | ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization | EPSS 0.3%
CVE-2026-41160 | MEDIUM | EspoCRM: Broken Access Control / IDOR in Note Pinning API allows unauthorized modification of notes | EPSS 0.3%