Weaknesses of type CWE-639
1,581 results

CVE-2026-56772 | MEDIUM | NewsBlur < 14.5.0 - Insecure Direct Object Reference in Social Interactions Endpoint | EPSS 0.2%
CVE-2025-64706 | MEDIUM | Typebot IDOR Vulnerability: Unauthorized API Token Deletion and Exposure | EPSS 0.2%
CVE-2026-31150 | MEDIUM | Incorrect access control in Kaleris YMS v7.2.2.1 allows authenticated attackers with only the shipping/receiving role to view the truck's da | EPSS 0.2%
CVE-2026-45386 | MEDIUM | Open WebUI: An IDOR vulnerability exists in the pin_channel_message API endpoint | EPSS 0.2%
CVE-2025-31997 | MEDIUM | HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR) | EPSS 0.2%
CVE-2026-45385 | MEDIUM | Open WebUI: An IDOR vulnerability exists in the update_message_by_id API endpoint | EPSS 0.2%
CVE-2026-7881 | MEDIUM | Concrete CMS 9.5.0 and below is vulnerable to IDOR in the Express Entry Detail block | EPSS 0.2%
CVE-2026-39942 | HIGH | Directus has a Path Traversal and Broken Access Control in File Management API | EPSS 0.2%
CVE-2026-39510 | LOW | WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2025-49334 | MEDIUM | WordPress MyD Delivery plugin <= 1.7.1 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-34602 | HIGH | Chamilo LMS: IDOR in /api/course_rel_users Allows Unauthorized Enrollment of Arbitrary Users into Courses | EPSS 0.2%
CVE-2025-63053 | MEDIUM | WordPress Master Addons for Elementor plugin <= 2.0.9.9.4 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-24991 | MEDIUM | WordPress Extensions For CF7 plugin <= 3.4.0 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-24634 | MEDIUM | WordPress Ultimate Reviews plugin <= 3.2.16 - Insecure Direct Object References (IDOR) vulnerability | EPSS 0.2%
CVE-2026-45159 | LOW | Nextcloud: Files drop share links for end-to-end encrypted folders allowed to drop files into other folders of the share owner | EPSS 0.2%
CVE-2026-42227 | MEDIUM | n8n: Public API Variables IDOR Allows Cross-Project Secret Disclosure | EPSS 0.2%
CVE-2025-12833 | MEDIUM | GeoDirectory – WP Business Directory Plugin and Classified Listings Directory <= 2.8.139 - Missing Authorization to Authenticated (Author+) Arbitrary Image Attachment | EPSS 0.2%
CVE-2025-64067 | MEDIUM | Primakon Pi Portal 1.0.18 API endpoints responsible for retrieving object-specific or filtered data (e.g., user profiles, project records) f | EPSS 0.2%
CVE-2026-23843 | HIGH | teklifolustur_app's IDOR vulnerability allows unauthorized access to other users' offers | EPSS 0.2%
CVE-2026-48759 | HIGH | TypeBot: Cross-Workspace Theme Template IDOR (Modification and Deletion) | EPSS 0.2%