Weaknesses of type CWE-639

1,579 results
CVE-2026-25530 | MEDIUM | Kanboard is missing authorization check in getSwimlane API allows cross-project data access | EPSS 0.2%
CVE-2026-56013 | MEDIUM | WordPress License Manager for WooCommerce plugin <= 3.0.15 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-5395 | HIGH | Fluent Forms <= 6.2.0 - Authenticated (Subscriber+) Authorization Bypass via 'table' Parameter | EPSS 0.2%
CVE-2025-41095 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2026-8611 | MEDIUM | Klamra Paycal for Aspaclaria <= 1.1.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Sensitive Information Exposure via 'invoice_id' Parameter | EPSS 0.2%
CVE-2025-41096 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-41093 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-41092 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-41094 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-43782 | MEDIUM | Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7 | EPSS 0.2%
CVE-2025-41097 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2025-25777 | HIGH | Insecure Direct Object Reference (IDOR) in Codeastro Bus Ticket Booking System v1.0 allows unauthorized access to user profiles. By manipula | EPSS 0.2%
CVE-2026-24379 | MEDIUM | WordPress WP Job Portal plugin <= 2.4.3 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-28782 | MEDIUM | Craft has a Permission Bypass and IDOR in Duplicate Entry Action | EPSS 0.2%
CVE-2025-41091 | HIGH | Insecure Direct Object Reference in GPS BOLD Workplanner | EPSS 0.2%
CVE-2026-55255 | CRITICAL | Langflow: IDOR Vulnerability in `/api/v1/responses` Endpoint Allows Authenticated Attackers to Access Another User's Flow | EPSS 0.2%
CVE-2025-3282 | MEDIUM | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification | EPSS 0.2%
CVE-2025-66286 | MEDIUM | Webkitgtk: authorization bypass through webpage::send-request signal handler | EPSS 0.2%
CVE-2026-1883 | MEDIUM | Wicked Folders <= 4.1.0 - Insecure Direct Object Reference to Authenticated (Contributor+) Arbitrary Folder Deletion | EPSS 0.2%
CVE-2026-40600 | HIGH | Chartbrew: Incorrect Access Control in project share policy routes via unbound policy_id | EPSS 0.2%