CWE-639: CWE-639

This broken access control vulnerability allows authenticated attackers to modify any user's templates in lunary-ai/lunary by sending crafted HTTP POS...

The Omnipress WordPress plugin vulnerability allows authenticated attackers with Contributor-level access or higher to view password-protected, privat...

This vulnerability in SAP S/4HANA's Manage Bank Statements functionality allows authenticated users to bypass intended restrictions and upload files t...

This vulnerability in SAP S/4HANA's Manage Bank Statements function allows authenticated users to delete attachments from posted bank statements witho...

This vulnerability in the FooGallery WordPress plugin allows authenticated attackers with gallery creator access or higher to modify arbitrary posts a...

The Ultra Addons Lite for Elementor WordPress plugin has an information exposure vulnerability that allows authenticated attackers with Contributor-le...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to delete profile photos from other user accounts. It a...

The DethemeKit For Elementor WordPress plugin allows authenticated attackers with Contributor-level access or higher to duplicate password-protected, ...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to export ticket data belonging to any user in the Maje...

The Typer Core WordPress plugin has an information disclosure vulnerability that allows authenticated users with Contributor-level access or higher to...

The Piotnet Addons For Elementor WordPress plugin allows authenticated attackers with Contributor-level access or higher to extract data from private ...

The RRAddons for Elementor WordPress plugin allows authenticated attackers with Contributor-level access or higher to view private or draft posts they...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to submit resumes on behalf of other applicants when ap...

This vulnerability in the WP Job Portal WordPress plugin allows authenticated users with Subscriber-level access or higher to create job listings for ...

An Insecure Direct Object Reference (IDOR) vulnerability in Khoj's subscription endpoint allows authenticated users to modify other users' Stripe subs...

The Full Screen Menu for Elementor WordPress plugin allows authenticated attackers with contributor-level access or higher to view private or draft po...

An IDOR vulnerability in Oqtane Framework 6.0.0 allows authenticated users to access other users' inbox messages by manipulating notification IDs in U...

The Shortcodes for Elementor WordPress plugin allows authenticated attackers with Contributor-level access or higher to extract data from private and ...

The Get Post Content Shortcode WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Contrib...

An object-level access control vulnerability in Unifiedtransform allows unauthorized students to view other students' grades by manipulating the stude...

The PowerPack Elementor Addons WordPress plugin has an information exposure vulnerability that allows authenticated attackers with Contributor-level a...

The AnyWhere Elementor WordPress plugin vulnerability allows authenticated attackers with Contributor-level access or higher to extract data from priv...

The LA-Studio Element Kit for Elementor WordPress plugin allows authenticated attackers with Contributor-level access or higher to view private and dr...

This vulnerability in the Dollie Hub WordPress plugin allows authenticated attackers with Contributor-level access or higher to view password-protecte...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to extract data from private or draft posts created vi...

The Primary Addon for Elementor WordPress plugin has an information exposure vulnerability that allows authenticated users with Contributor-level acce...

The Easy Twitter Feed WordPress plugin has an information exposure vulnerability that allows authenticated users with Contributor-level access or high...

This vulnerability in the If-So Dynamic Content Personalization WordPress plugin allows authenticated attackers with Contributor-level access or highe...

This vulnerability allows authenticated WordPress users with Contributor-level access or higher to view draft, private, and pending posts they shouldn...

The Theme Builder For Elementor WordPress plugin has an information exposure vulnerability that allows authenticated users with Contributor-level acce...

The Popularis Extra WordPress plugin has an information disclosure vulnerability that allows authenticated attackers with Contributor-level access or ...

This vulnerability in the WordPress Countdown Timer block plugin allows authenticated attackers with Contributor-level access or higher to bypass acce...

This vulnerability allows authenticated data.all users to bypass intended access controls by manipulating dataset queries to retrieve sensitive enviro...

This IDOR vulnerability in KubeSphere allows authenticated users with low privileges to access sensitive resources they shouldn't have permission to v...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Mirapolis LMS that allows authenticated users to manipulate ID and STEP...

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to access other users' private files through the User P...

This vulnerability allows attackers to bypass authorization by manipulating user-controlled keys, enabling unauthorized access to restricted resources...

The Custom Field For WP Job Manager WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with co...

This vulnerability allows attackers to bypass authorization controls in Academy LMS WordPress plugin by manipulating user-controlled keys. It affects ...

The Page and Post Clone WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Author-level p...

This vulnerability in the Bricks Builder WordPress plugin allows authenticated users with Contributor-level access or higher to modify posts and pages...

The User Profile Picture WordPress plugin has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Author-level ...

This vulnerability allows authenticated attackers with Instructor-level access or higher in Tutor LMS WordPress plugin to delete arbitrary quiz attemp...

This vulnerability in McAfee ePolicy Orchestrator (ePO) allows authenticated users with regular privileges to delete client tasks and assignments thro...

Chainlit versions before 2.8.5 contain an authorization bypass vulnerability where attackers can view threads or claim thread ownership by manipulatin...

HCL Unica Centralized Offer Management has an Insecure Direct Object Reference (IDOR) vulnerability that allows attackers to bypass authorization and ...

This vulnerability in OpenSearch Observability plugins allows unauthorized users to access private tenant resources like notebooks. It affects OpenSea...

This vulnerability allows authenticated users to view certain pipeline values via API queries in affected GitLab versions. It affects all GitLab CE/EE...

This vulnerability in Nextcloud Talk allows participants with chat permissions to delete poll drafts created by other participants within the same con...

This vulnerability in Nextcloud Calendar allows attackers to blindly book appointments using sequential IDs without needing the appointment token. It ...