Weaknesses of type CWE-639

1,576 results
CVE-2026-50194 | HIGH | Steeltoe vulnerable to management-port isolation bypass via spoofed Host header | EPSS 0.2%
CVE-2025-36023 | MEDIUM | IBM Cloud Pak for Business Automation security bypass | EPSS 0.2%
CVE-2025-0642 | MEDIUM | Hard-coded Credentials in PosCube's Assist | EPSS 0.2%
CVE-2025-34438 | MEDIUM | AVideo < 20.1 IDOR Arbitrary Video Rotation | EPSS 0.2%
CVE-2025-27561 | MEDIUM | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | EPSS 0.2%
CVE-2025-66547 | MEDIUM | Nextcloud Server users can modify tags on files that do not belong to them | EPSS 0.2%
CVE-2025-8463 | MEDIUM | IDOR in SecHard Information Technologies' SecHard | EPSS 0.2%
CVE-2025-58055 | MEDIUM | Discourse AI Suggestions Contain Insecure Direct Object Reference | EPSS 0.2%
CVE-2025-64011 | MEDIUM | Nextcloud Server 30.0.0 is vulnerable to an Insecure Direct Object Reference (IDOR) in the /core/preview endpoint. Any authenticated user ca | EPSS 0.2%
CVE-2026-40589 | HIGH | FreeScout has Customer Edit Cross-Mailbox Email Takeover | EPSS 0.2%
CVE-2025-68502 | MEDIUM | WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-52812 | HIGH | Gogs: LFS dedupe path leaks private repo content across tenants | EPSS 0.2%
CVE-2026-55611 | NONE | AnythingLLM: embed-parsed-file cleanup deletes any parsed file by ID without ownership scoping (cross-tenant IDOR deletion) | EPSS 0.2%
CVE-2026-33934 | MEDIUM | OpenEMR's Missing Authorization in show-signature.php Allows Portal Patients to Read Staff Signatures | EPSS 0.2%
CVE-2026-7145 | MEDIUM | mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization | EPSS 0.2%
CVE-2026-56013 | MEDIUM | WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-59034 | MEDIUM | Indico may disclose unauthorized user details access via legacy API | EPSS 0.2%
CVE-2024-29024 | MEDIUM | JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality | EPSS 0.2%
CVE-2026-39384 | HIGH | FreeScout Customer Merge Cross-Mailbox Authorization Bypass | EPSS 0.2%
CVE-2025-63513 | MEDIUM | kishan0725 Hospital Management System v4 has an Insecure Direct Object Reference (IDOR) vulnerability in the appointment cancellation functi | EPSS 0.2%