Weaknesses of type CWE-639

1,590 results
CVE-2026-24755 | MEDIUM | Kiteworks Secure Data Forms is vulnerable to Authorization Bypass Through User-Controlled Key | EPSS 0.1%
CVE-2026-49192 | MEDIUM | Summary Service Insecure Direct Object Reference | EPSS 0.1%
CVE-2024-21981 | MEDIUM | Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution pri | EPSS 0.1%
CVE-2025-8887 | MEDIUM | IDOR in Usta Information Systems' Aybs Interaktif | EPSS 0.1%
CVE-2026-9248 | LOW | Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to c | EPSS 0.1%
CVE-2026-55411 | MEDIUM | ToolJet: Cross-tenant credential decryption (IDOR) in POST /api/data-sources/decrypt — any authenticated user can decrypt any organization's data-source secrets | EPSS 0.1%
CVE-2024-13175 | MEDIUM | IDOR in Vidco Software's VOC TESTER | EPSS 0.1%
CVE-2025-6942 | LOW | The distributed engine versions 8.4.39.0 and earlier of Secret Server versions 11.7.49 and earlier can be exploited during an initial author | EPSS 0.1%
CVE-2025-66546 | LOW | Nextcloud Calendar app allowed booking appointments without the generated token | EPSS 0.1%
CVE-2025-8532 | MEDIUM | IDOR in Bimser's eBA Document and Workflow Management System | EPSS 0.1%
CVE-2025-43724 | MEDIUM | Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an authorization bypass through user-controlled key vulnerability. A high privil | EPSS 0.1%
CVE-2026-12411 | HIGH | Broken Access Control in Canonical LXD DevLXD API | EPSS 0.1%
CVE-2026-0020 | HIGH | In parsePermissionGroup of ParsedPermissionUtils.java, there is a possible way to bypass a consent dialog to obtain permissions due to a per | EPSS 0.1%
CVE-2025-22422 | HIGH | In multiple locations, there is a possible way to mislead a user into approving an authentication prompt for one app when its result will be | EPSS 0.1%
CVE-2023-21131 | In checkKeyIntentParceledCorrectly() of ActivityManagerService.java, there is a possible bypass of Parcel Mismatch mitigations due to a logi | EPSS 0.1%
CVE-2026-58580 | MEDIUM | LobeChat 2.2.9 - Broken Object-Level Authorization in Message Sub-Resource Writes | EPSS
CVE-2026-5142 | MEDIUM | Foreman: foreman: cross-tenant private ssh key disclosure via taxonomy scoping bypass | EPSS
CVE-2026-49858 | MEDIUM | API Platform Core: Cross-user attribute leak in JSON:API and HAL item normalizers due to missing isCacheKeySafe gate | EPSS
CVE-2026-59098 | HIGH | LobeChat 2.2.9 - Cross-User Document Disclosure via Unscoped RAG Semantic Search | EPSS
CVE-2026-59100 | LOW | LobeChat 2.2.9 - Broken Object Level Authorization via Chat-Group Agent Operations | EPSS