CWE-639: CWE-639
All CWE-639 CVEs (519)
A vulnerability in Nextcloud's Twofactor WebAuthn plugin allows attackers to remove a user's WebAuthn 2FA device by correctly guessing a long random s...
Dec 5, 2025

This vulnerability allows repository administrators in Gogs to delete comments from any repository by manipulating comment IDs, bypassing authorizatio...
Feb 19, 2026

This vulnerability in the Timetable and Event Schedule WordPress plugin allows users with Contributor-level permissions to duplicate and view events t...
Dec 3, 2025

An Insecure Direct Object Reference vulnerability in Medtronic CareLink Network allows authenticated attackers with specific device and user informati...
Dec 4, 2025

This CVE describes an insecure direct object reference (IDOR) vulnerability in WeKan versions before 8.19. Authenticated users can spoof comment autho...
Feb 7, 2026

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in WeKan versions before 8.19. Attackers can manipulate checklist identifi...
Feb 7, 2026

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in WeKan versions before 8.19. Attackers can manipulate checklist identifi...
Feb 7, 2026

This CVE describes an Insecure Direct Object Reference vulnerability in Cloudflare Agents SDK's email routing function. Attackers can spoof email head...
Feb 3, 2026

This vulnerability allows authenticated users with normal permissions to modify other users' profile pictures in Askbot. It affects all Askbot version...
Jan 27, 2026

An Insecure Direct Object Reference (IDOR) vulnerability in Omada Controllers allows authenticated administrators to manipulate requests and potential...
Jan 26, 2026

This vulnerability allows authenticated users to bypass authorization controls in Hubitat Elevation home automation controllers, enabling them to mani...
Jan 22, 2026

CVE-2025-4596 is an authorization bypass vulnerability in Asseco ADMX medical records system that allows authenticated users to access other users' me...
Jan 8, 2026

This vulnerability allows unauthorized access to sensitive files belonging to other users through an API endpoint. Attackers can access files by guess...
Dec 19, 2025

This vulnerability allows unauthorized access to sensitive files belonging to other users through API endpoints. Attackers can access files they shoul...
Dec 19, 2025

This vulnerability allows remote attackers to hijack Govee smart devices by binding them to their own accounts through the cloud platform. Attackers g...
Dec 18, 2025

This IDOR vulnerability in i2A's CronosWeb allows authenticated attackers to access other users' personal documents by manipulating the documentCode p...
Dec 10, 2025

The SolisCloud API has an Insecure Direct Object Reference (IDOR) vulnerability where authenticated users can access detailed data from any solar plan...
Dec 4, 2025

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in DeporSite by T-INNOVA. Attackers can manipulate the 'idUsuario' paramet...
Nov 13, 2025

Zitadel versions 4.0.0-rc.1 through 4.6.2 contain an insecure direct object reference (IDOR) vulnerability in the V2Beta API. Authenticated users with...
Nov 7, 2025

About CWE-639 (CWE-639)
Our database tracks 519 CVEs classified as CWE-639, with 63 rated critical and 165 rated high severity. The average CVSS score for CWE-639 vulnerabilities is 6.6.
External reference: View CWE-639 on MITRE CWE →