Weaknesses of type CWE-639

1,528 results
CVE-2021-24739: Logo Carousel < 3.4.2 - Unauthorised Private Post Access (EPSS 1.0%)
CVE-2021-37184: A vulnerability has been identified in Industrial Edge Management (All versions < V1.3). An unauthenticated attacker could change the pa (EPSS 1.0%)
CVE-2023-26428 [MEDIUM]: Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. Signatures of (EPSS 1.0%)
CVE-2023-46478 [HIGH]: An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter. (EPSS 1.0%)
CVE-2019-5466: An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names. (EPSS 1.0%)
CVE-2019-15581: An IDOR exists in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a project own (EPSS 1.0%)
CVE-2021-43820 [HIGH]: Permissions check bypass in Seafile (EPSS 1.0%)
CVE-2022-2367: WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass (EPSS 1.0%)
CVE-2023-4934 [HIGH]: IDOR in Usta AYBS (EPSS 0.9%)
CVE-2026-42097 [CRITICAL]: Authentication Bypass in Sparx Pro Cloud Server (EPSS 0.9%)
CVE-2026-40308 [HIGH]: My Calendar: Unauthenticated Information Disclosure (IDOR) via Multisite switch_to_blog (EPSS 0.9%)
CVE-2020-36923 [MEDIUM]: Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR (EPSS 0.9%)
CVE-2022-29159 [MEDIUM]: Possibility for anyone to add a stack with existing tasks on anyone's board in Nextcloud Deck (EPSS 0.9%)
CVE-2023-26984 [HIGH]: An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a c (EPSS 0.9%)
CVE-2017-0920: GitLab Community and Enterprise Editions before 10.1.6, 10.2.6, and 10.3.4 are vulnerable to an authorization bypass issue in the Projects:: (EPSS 0.9%)
CVE-2020-16240: GE Digital APM Classic, Versions 4.4 and prior. An insecure direct object reference (IDOR) vulnerability allows user account data to be down (EPSS 0.9%)
CVE-2018-25270 [CRITICAL]: ThinkPHP 5.0.23 Remote Code Execution via invokefunction (EPSS 0.9%)
CVE-2023-0558 [HIGH]: ContentStudio <= 1.2.5 - Authorization Bypass (EPSS 0.9%)
CVE-2019-15582: An IDOR was discovered in < 12.3.2, < 12.2.6, and < 12.1.12 for GitLab Community Edition (CE) and Enterprise Edition (EE) that allowed a mai (EPSS 0.9%)
CVE-2023-44249 [MEDIUM]: An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and Fort (EPSS 0.9%)