CWE-639: CWE-639

The Videospirecore Theme Plugin for WordPress has an authentication bypass vulnerability that allows authenticated attackers with Subscriber-level acc...

This CVE describes a privilege escalation vulnerability in Craft CMS's GraphQL API where authenticated users with write access to one asset volume can...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in D-Link D-View 8 network management software. Any authenticated user can...

An authorization bypass vulnerability in Broadcom DX NetOps Spectrum allows attackers to escalate privileges by manipulating user-controlled keys. Thi...

AVideo versions before 20.1 contain an insecure direct object reference vulnerability that allows any authenticated user to upload files into other us...

This vulnerability allows any authenticated user to upload comment images to videos owned by other users in AVideo. Attackers can perform unauthorized...

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to change passwords of any user, including administrato...

This vulnerability allows authenticated attackers with Subscriber-level access or higher to change arbitrary users' email addresses, including adminis...

The WPGYM WordPress plugin has a privilege escalation vulnerability that allows authenticated attackers with Subscriber-level access or higher to modi...

The Eventin WordPress plugin has a privilege escalation vulnerability that allows attackers with contributor-level permissions or higher to change any...

CVE-2025-46386 is an authorization bypass vulnerability where attackers can manipulate user-controlled keys to access unauthorized resources. This aff...

The Reales WP STPT WordPress plugin allows authenticated attackers with subscriber-level access to change arbitrary users' passwords and email address...

This vulnerability allows authenticated attackers with teacher-level access or higher in the WPSchoolPress WordPress plugin to escalate privileges by ...

CVE-2024-53406 is an authentication bypass vulnerability in Espressif ESP-IDF v5.3.0 where the device reuses session keys during reconnection, allowin...

An authorization bypass vulnerability in Mavenir SCE Application Provisioning Portal allows authenticated 'guest' users to perform administrative acti...

This CVE describes an authorization bypass vulnerability in Schneider Electric devices where authenticated attackers can manipulate HTTPS requests to ...

This vulnerability in QOCA aim software allows remote attackers with regular user privileges to bypass authorization controls by manipulating user ID ...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in SiSMART v7.4.0 dashboard that allows attackers to access other users' d...

This vulnerability in the PublishPress Authors WordPress plugin allows authenticated attackers with Author-level access or higher to modify arbitrary ...

The WP 2FA with Telegram plugin for WordPress has an authentication bypass vulnerability that allows authenticated attackers with subscriber-level per...

This vulnerability allows authenticated WordPress users with subscriber or customer permissions to modify administrator email addresses via an insecur...

This vulnerability allows authenticated WordPress users with subscriber-level access or higher to escalate privileges by changing administrative user ...

This IDOR vulnerability in lunary-ai/lunary allows unauthorized users to view, modify, or delete any dataset_prompt or dataset_prompt_variation across...

This vulnerability allows attackers to bypass authorization controls in the Hearing Tracking System by manipulating user-controlled keys, enabling aut...

This CVE describes an authorization bypass vulnerability in Mia Technology's MİA-MED software where attackers can manipulate user-controlled keys to ...

This vulnerability in the PrestaShop 'Order Duplicator' module allows unauthenticated guests to download customer personal information including names...

This vulnerability allows remote attackers to execute arbitrary code on systems running minCal v1.0.0 by sending a specially crafted script to the cus...

This vulnerability in QSige login SSO allows authenticated users to access resources without proper permission checks. Attackers who have valid login ...

The Simplr Registration Form Plus+ WordPress plugin has an insecure direct object reference vulnerability that allows authenticated users with subscri...

This vulnerability in SearchBlox allows authenticated users to create multiple super admin accounts, bypassing intended business logic. It affects Sea...

This vulnerability in TigerGraph Enterprise 3.7.0 allows any code running as the tigergraph user to write arbitrary SSH public keys to the authorized_...

This CVE describes an authorization bypass vulnerability in alf.io event management software where attackers can manipulate user-controlled keys to ac...

This vulnerability allows attackers to bypass authentication in Vadi Corporate Information Systems DigiKent by manipulating user-controlled keys. It a...

This vulnerability in the WooCommerce Multiple Customer Addresses & Shipping WordPress plugin allows any authenticated user (even low-privilege subscr...

This vulnerability allows attackers to bypass authorization controls in OpenEMR by manipulating user-controlled keys, potentially accessing unauthoriz...

This CVE describes an Insecure Direct Object Reference vulnerability in the Advanced Forms WordPress plugin that allows authenticated attackers to cha...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Siemens Teamcenter PLM software. Attackers can manipulate user-supplied...