Weaknesses of type CWE-639

1,569 results
CVE | Severity | Title | EPSS
CVE-2026-7886 | LOW | Concrete CMS 9.5.0 and below is vulnerable to IDOR in AddMessage/UpdateMessage via attachments[] parameter | EPSS 0.3%
CVE-2024-10692 | MEDIUM | PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure | EPSS 0.3%
CVE-2026-54826 | HIGH | WordPress SupportCandy plugin <= 3.4.6 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2026-3321 | HIGH | Authorization Bypass in ON24 Q&A chat | EPSS 0.3%
CVE-2025-59133 | HIGH | WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-3769 | MEDIUM | Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-44736 | MEDIUM | OpenProject: Relations API Filter Bypasses Visibility Scope, Leaking Cross-Project Work Package Subjects | EPSS 0.3%
CVE-2026-53471 | CRITICAL | Migration-planner: agent api ignores jwt source_id claim | EPSS 0.3%
CVE-2025-54691 | MEDIUM | WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2026-10038 | MEDIUM | Charitable <= 1.8.11.1 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Attachment Deletion via 'avatar' Parameter | EPSS 0.3%
CVE-2024-52601 | MEDIUM | iTop portal Insecure Direct Object Reference vulnerability | EPSS 0.3%
CVE-2026-44504 | HIGH | Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR) | EPSS 0.3%
CVE-2025-57994 | MEDIUM | WordPress Upcoming Events Lists Plugin <= 1.4.0 - Insecure Direct Object References (IDOR) Vulnerability | EPSS 0.3%
CVE-2026-1251 | MEDIUM | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.4.4 - Authenticated (Subscriber+) Insecure Direct Object Reference | EPSS 0.3%
CVE-2026-45281 | HIGH | Nextcloud: Cross-Account Calendar Takeover via Unauthorized Group-Member-Set Update | EPSS 0.3%
CVE-2026-31867 | MEDIUM | Craft Commerce has a Potential IDOR in Commerce carts | EPSS 0.3%
CVE-2025-7049 | HIGH | WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover | EPSS 0.3%
CVE-2025-8447 | HIGH | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access | EPSS 0.3%
CVE-2026-30231 | MEDIUM | Flare: Private File IDOR via raw/direct endpoints | EPSS 0.3%
CVE-2024-11216 | HIGH | Broken Access Control in PozitifIK's Pik Online | EPSS 0.3%