Weaknesses of type CWE-639

1,579 results
CVE-2026-40600 [HIGH] Chartbrew: Incorrect Access Control in project share policy routes via unbound policy_id (EPSS 0.2%)
CVE-2025-1284 [MEDIUM] Woocommerce Automatic Order Printing | ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure (EPSS 0.2%)
CVE-2023-32352 A logic issue was addressed with improved checks. This issue is fixed in watchOS 9.5, macOS Ventura 13.4, macOS Big Sur 11.7.7, macOS Monter (EPSS 0.2%)
CVE-2025-43732 [MEDIUM] Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3 (EPSS 0.2%)
CVE-2026-27793 [MEDIUM] Seerr has Broken Object-Level Authorization in User Profile Endpoint that Exposes Third-Party Notification Credentials (EPSS 0.2%)
CVE-2025-66553 [MEDIUM] Nextcloud Tables app allowed users to view columns metadata information of any table (EPSS 0.2%)
CVE-2026-56781 [MEDIUM] Teable - Unauthenticated Hidden Field Disclosure via Projection Parameter Override (EPSS 0.2%)
CVE-2026-38568 [HIGH] HireFlow v1.2 is vulnerable to Incorrect Access Control. The application does not enforce object-level authorization on the /candidate/<id> (EPSS 0.2%)
CVE-2026-45349 [HIGH] Open WebUI: Broken Access Control for Completions API (EPSS 0.2%)
CVE-2026-45551 [MEDIUM] Group-Office: Authenticated Stored XSS in Administrator Context via Arbitrary Cross-User Setting Write (EPSS 0.2%)
CVE-2026-52699 [HIGH] WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2026-5845 [HIGH] Improper authorization fallback allows scoped user-to-server token installation escape in GitHub Enterprise Server (EPSS 0.2%)
CVE-2025-52446 [HIGH] Authorization Bypass Through User-Controlled Key vulnerability in Salesforce Tableau Server on Windows, Linux (tab-doc api modules) allows I (EPSS 0.2%)
CVE-2026-22393 [MEDIUM] WordPress Curly theme <= 3.3 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2026-22391 [MEDIUM] WordPress Cocco theme <= 1.5.1 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2025-13157 [MEDIUM] QODE Wishlist for WooCommerce <= 1.2.7 - Unauthenticated Insecure Direct Object Reference to Wishlist Update (EPSS 0.2%)
CVE-2026-22426 [MEDIUM] WordPress Sweet Jane theme <= 1.2 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2026-22396 [MEDIUM] WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2026-39526 [MEDIUM] WordPress WpStream plugin < 4.11.2 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)
CVE-2026-22430 [MEDIUM] WordPress Verdure theme <= 1.6 - Insecure Direct Object References (IDOR) vulnerability (EPSS 0.2%)