Weaknesses of type CWE-639

1,581 results
CVE-2026-49355 | MEDIUM | OpenProject: Private work package data disclosure through single meeting agenda item API | EPSS 0.2%
CVE-2026-39331 | HIGH | ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families | EPSS 0.2%
CVE-2026-40590 | MEDIUM | FreeScout's Customer AJAX Create Modifies Hidden Existing Customer | EPSS 0.2%
CVE-2026-1291 | MEDIUM | Meow Gallery <= 5.4.4 - Missing Authorization to Authenticated (Author+) Shortcode creation | EPSS 0.2%
CVE-2025-65020 | MEDIUM | Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR) | EPSS 0.2%
CVE-2025-11518 | MEDIUM | WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation | EPSS 0.2%
CVE-2026-27705 | MEDIUM | Plane Vulnerable to Cross-Workspace/Cross-Project Asset Modification via IDOR in ProjectAssetEndpoint.patch | EPSS 0.2%
CVE-2026-9241 | MEDIUM | FOX – Currency Switcher Professional for WooCommerce <= 1.4.6 - Authenticated (Subscriber+) Authorization Bypass via User-Controlled Key to 'wooc_order_user_roles' Parameter | EPSS 0.2%
CVE-2026-39616 | MEDIUM | WordPress Download Attachments plugin <= 1.4.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-40737 | MEDIUM | WordPress COMPE plugin <= 1.1.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-1704 | MEDIUM | Appointment Booking Calendar <= 1.6.9.29 - Insecure Direct Object Reference to Authenticated (Staff+) Sensitive Information Exposure | EPSS 0.2%
CVE-2026-5337 | MEDIUM | Frontend File Manager Plugin <= 23.6 - Subscriber+ Arbitrary Download Access via IDOR | EPSS 0.2%
CVE-2026-1436 | HIGH | Improper Access Control (IDOR) vulnerability in Graylog Web Interface | EPSS 0.2%
CVE-2026-39354 | MEDIUM | Scoold has an Authenticated Arbitrary Question Overwrite via Client-Controlled postId in POST /questions/ask | EPSS 0.2%
CVE-2026-7782 | MEDIUM | CodeCanyon Perfex CRM Tenant Clients.php project authorization | EPSS 0.2%
CVE-2026-40591 | HIGH | FreeScout: Improper Authorization in Phone Conversation Creation Enables Cross-Mailbox Hidden Customer Modification | EPSS 0.2%
CVE-2026-33740 | MEDIUM | EspoCRM: Email importEml can import and delete another user's attachment by raw fileId | EPSS 0.2%
CVE-2026-32114 | MEDIUM | Discourse's unscoped status lookups leak restricted metadata | EPSS 0.2%
CVE-2026-10212 | MEDIUM | AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization | EPSS 0.2%
CVE-2026-10780 | MEDIUM | Static Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' Attribute | EPSS 0.2%