Weaknesses of type CWE-639

1,574 results
CVE-2026-1558 | MEDIUM | WP Recipe Maker <= 10.3.2 - Insecure Direct Object Reference to Unauthenticated Arbitrary Post Metadata Modification via 'recipeId' Parameter | EPSS 0.3%
CVE-2026-30927 | MEDIUM | Admidio: Event participation IDOR - non-leaders can register other users for events via user_uuid parameter | EPSS 0.3%
CVE-2026-29071 | LOW | Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories | EPSS 0.3%
CVE-2026-32104 | MEDIUM | StudioCMS: IDOR in User Notification Preferences Allows Any Authenticated User to Modify Any User's Settings | EPSS 0.3%
CVE-2026-45810 | MEDIUM | Nextcloud: Propfind requests for file comments allowed to load comments for other files | EPSS 0.3%
CVE-2025-67985 | MEDIUM | WordPress Document Library Lite plugin <= 1.1.7 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.3%
CVE-2025-27433 | MEDIUM | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | EPSS 0.3%
CVE-2025-10039 | MEDIUM | ELEX WordPress HelpDesk & Customer Ticketing System <= 3.2.9 - Authenticated (Subscriber+) Insecure Direct Object Reference via 'eh_crm_ticket_single_view_client' | EPSS 0.3%
CVE-2025-13479 | HIGH | IDOR in PosCube's QR Menu | EPSS 0.3%
CVE-2024-13887 | MEDIUM | Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition | EPSS 0.3%
CVE-2026-41372 | MEDIUM | OpenClaw < 2026.4.2 - Loopback Protection Bypass via Trailing-Dot Localhost in CDP Discovery | EPSS 0.3%
CVE-2026-24900 | MEDIUM | MarkUs has a submission-view IDOR exposes all student submissions | EPSS 0.3%
CVE-2025-65030 | HIGH | Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal | EPSS 0.3%
CVE-2025-31950 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-31941 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-31357 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2026-44776 | MEDIUM | Kavita: IDOR in /api/Download/* | EPSS 0.3%
CVE-2025-13748 | MEDIUM | Fluent Forms <= 6.1.7 - Unauthenticated Insecure Direct Object Reference to Payment Status Tampering via submission_id | EPSS 0.3%
CVE-2025-31147 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.3%
CVE-2025-12524 | MEDIUM | Post Type Switcher <= 4.0.0 - Insecure Direct Object Reference to Authenticated (Author+) Post Type Change | EPSS 0.3%