Weaknesses of type CWE-639

1,581 results
CVE-2026-32114MEDIUMDiscourse's unscoped status lookups leak restricted metadataEPSS 0.2%CVE-2026-10212MEDIUMAstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorizationEPSS 0.2%CVE-2026-33740MEDIUMEspoCRM: Email importEml can import and delete another user's attachment by raw fileIdEPSS 0.2%CVE-2026-7782MEDIUMCodeCanyon Perfex CRM Tenant Clients.php project authorizationEPSS 0.2%CVE-2026-8204MEDIUMConcrete CMS 9.5.0 and below is vulnerable to Authorization Bypass in the Calendar Event Frontend DialogEPSS 0.2%CVE-2026-10780MEDIUMStatic Block <= 2.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode 'id' AttributeEPSS 0.2%CVE-2025-9062HIGHIDOR in MeCODE Informatics' EnvantyEPSS 0.2%CVE-2026-57943MEDIUMLibrePhotos < 1.0.0 - Insecure Direct Object Reference in SetPhotosShared EndpointEPSS 0.2%CVE-2025-12351MEDIUMInadequate access control measure allows unauthorized users to access restricted administrative functionsEPSS 0.2%CVE-2025-13124HIGHIDOR in Netiket''s ApplyLogicEPSS 0.2%CVE-2026-47388LOWNocoDB: Missing Ownership Check in MCP Attachment ReadEPSS 0.2%CVE-2026-2698MEDIUMImproper Access ControlEPSS 0.2%CVE-2026-4400HIGHMultiple vulnerabilities in 1millionbot Millie chatbotEPSS 0.2%CVE-2023-4587HIGHInsecure direct object reference in ZKTeco ZEM800EPSS 0.2%CVE-2025-7900MEDIUMInsecure Direct Object Reference in extension "femanager" (femanager)EPSS 0.2%CVE-2026-33736MEDIUMChamilo LMS has an Insecure Direct Object Reference (IDOR) - User Data ExposureEPSS 0.2%CVE-2025-12366MEDIUMPage Builder: Pagelayer – Drag and Drop website builder <= 2.0.5 - Authenticated (Author+) Insecure Direct Object ReferenceEPSS 0.2%CVE-2026-39374MEDIUMPlane IDOR: Cross-Project Issue Date Modification via Bulk Update EndpointEPSS 0.2%CVE-2016-20033HIGHWowza Streaming Engine 4.5.0 Local Privilege Escalation via nssm_x64.exeEPSS 0.2%CVE-2024-47495HIGHJunos OS Evolved: In a dual-RE scenario a locally authenticated attacker with shell privileges can take over the device.EPSS 0.2%