Weaknesses of type CWE-639

1,580 results
CVE | Severity | Title | EPSS
CVE-2026-22398 | MEDIUM | WordPress Fleur theme <= 2.0 - Insecure Direct Object References (IDOR) vulnerability | 0.2%
CVE-2026-39526 | MEDIUM | WordPress WpStream plugin < 4.11.2 - Insecure Direct Object References (IDOR) vulnerability | 0.2%
CVE-2026-9136 | HIGH | Unauthorized ShadowAttribute modification in MISP via client-supplied identifier | 0.2%
CVE-2026-22400 | MEDIUM | WordPress Holmes theme <= 1.7 - Insecure Direct Object References (IDOR) vulnerability | 0.2%
CVE-2026-22396 | MEDIUM | WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability | 0.2%
CVE-2026-56215 | HIGH | Capgo - Account Merge via Poisoned public.users.email in SSO Provisioning | 0.2%
CVE-2025-66123 | MEDIUM | WordPress BookPro plugin <= 1.1.0 - Insecure Direct Object References (IDOR) vulnerability | 0.2%
CVE-2026-2257 | MEDIUM | GetGenie <= 4.3.2 - Insecure Direct Object Reference to Authenticated (Author+) Stored Cross-Site Scripting via REST API | 0.2%
CVE-2025-15657 | MEDIUM | WordPress School Management plugin <= 93.1.0 - Insecure Direct Object References (IDOR) vulnerability | 0.2%
CVE-2026-57630 | MEDIUM | WordPress Blocksy Companion Pro plugin <= 2.1.46 - Insecure Direct Object References (IDOR) vulnerability | 0.2%
CVE-2026-34370 | MEDIUM | Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes | 0.2%
CVE-2026-54016 | MEDIUM | Open WebUI: Open WebUI BOLA: `search_knowledge_files` Allows Unauthorized Knowledge Base File Enumeration | 0.2%
CVE-2026-42515 | HIGH | Insecure Direct Object Reference (IDOR) Vulnerability in e-Sushrut HMIS | 0.2%
CVE-2026-34985 | MEDIUM | LORIS has incorrect access checks in media module | 0.2%
CVE-2026-42516 | HIGH | Broken Access Control Vulnerability in e-Sushrut HMIS | 0.2%
CVE-2026-3568 | MEDIUM | MStore API <= 4.18.3 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Meta Update | 0.2%
CVE-2026-44678 | HIGH | Tuist: IDOR in preview deletion API allows cross-tenant deletion of any preview by UUID | 0.2%
CVE-2026-54360 | HIGH | MISP sharing group creation mass assignment allows unauthorized takeover of existing sharing groups | 0.2%
CVE-2025-14881 | LOW | Insecure direct object reference | 0.2%
CVE-2025-66558 | LOW | Nextcloud Twofactor WebAuthn app was updated based on public key | 0.2%