CWE-639: CWE-639

This vulnerability allows anonymous remote attackers to view private project and filter names in Atlassian Jira Server and Data Center via an Insecure...

This vulnerability allows unauthenticated remote attackers to view names of private projects and filters in Atlassian Jira Server and Data Center via ...

This vulnerability allows attackers to enumerate and download user profile pictures in Yellowfin BI software through an Insecure Direct Object Referen...

This vulnerability in Nextcloud Richdocuments allows attackers to bypass 'Upload Only' file drop restrictions and read arbitrary files from public lin...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the LifterLMS WordPress plugin. It allows authenticated students to acc...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Shiprocket WordPress plugin that allows attackers to bypass authori...

This vulnerability allows attackers to bypass authorization controls in MeCODE Informatics and Engineering Services Ltd. Envanty software by manipulat...

The WP Project Manager plugin for WordPress has an Insecure Direct Object Reference vulnerability that allows unauthenticated attackers to impersonate...

This critical vulnerability in wfh45678 Radar allows remote attackers to bypass authentication by manipulating the Interface Handler component with /....

This CVE describes an authorization bypass vulnerability in SourceCodester Employee Task Management System 1.0. Attackers can manipulate the admin_id ...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in SourceCodester Employee Task Management System 1.0. Attackers can bypas...

This vulnerability allows remote attackers to bypass authentication in SourceCodester Clinic Queuing System 1.0 by manipulating the formToken argument...

This vulnerability allows attackers to bypass authorization controls by manipulating user-controlled keys in the parse-path library. It affects applic...

CVE-2021-44160 allows remote attackers to bypass authentication in Carinal Tien Hospital Health Report System by modifying cookie parameters. This ena...

This vulnerability allows attackers to bypass the security PIN prompt in the secondscreen.gateway service on affected LG webOS smart TVs. Attackers ca...

This vulnerability allows an attacker with administrative API access to vRealize Operations Manager to modify other users' information, potentially le...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the teklifolustur_app PHP application. Authenticated users can manipula...

This vulnerability allows attackers to bypass authorization controls in PaperWork by manipulating user-controlled keys or identifiers. It affects all ...

An authorization bypass vulnerability in Turpak Automatic Station Monitoring System allows attackers to escalate privileges by manipulating user-contr...

This vulnerability in HCL MyXalytics allows attackers to access unauthorized data due to missing access control checks. It affects users of HCL MyXaly...

This vulnerability allows authenticated Sentry users to mute alert rules from organizations and projects they don't belong to or have permissions for....

This vulnerability allows authenticated attackers to bypass authorization controls and access other users' SIP configuration data on FortiVoiceEnterpr...

This vulnerability allows attackers to bypass authorization controls in NetIQ Client Login Extension on Windows by manipulating user-controlled keys, ...

HCL DRYiCE MyXalytics has an Insecure Direct Object Reference (IDOR) vulnerability that allows authenticated users to access other users' information ...

Nexx Smart Home devices have an access control vulnerability that allows attackers with a valid device ID to access sensitive device information, modi...

The MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability that allows authenticated users to access...

CVE-2022-22331 is an Insecure Direct Object Reference (IDOR) vulnerability in IBM Sterling Partner Engagement Manager 6.2.0 that allows authenticated ...

This vulnerability allows authenticated WordPress users to access or modify data belonging to other users through insecure direct object references in...

This CVE describes an authorization bypass vulnerability in IBM Db2 where authenticated users can execute unauthorized commands by exploiting cataloge...

Honeywell S35 Series Cameras have an authorization bypass vulnerability in the user controller key that allows attackers to escalate privileges to adm...

This vulnerability allows attackers to bypass authorization controls in Akinsoft MyRezzta by manipulating user-controlled keys, enabling forceful brow...

This Bluetooth vulnerability allows an unauthenticated attacker to perform a man-in-the-middle attack during pairing to discover the passkey. It affec...

A permission check vulnerability in GitLab CE/EE allows LFS (Large File Storage) tokens to read and write to user-owned repositories without proper au...

An authorization bypass vulnerability in Juniper Junos OS Evolved allows locally authenticated attackers with shell access to gain full device control...

OpenEMR versions up to 8.0.0 contain an authorization bypass vulnerability in the eye exam module. Authenticated users can access or modify any patien...

This vulnerability in OpenEMR allows authenticated users with document access control to bypass authorization checks and view other patients' photos b...

This vulnerability in OpenEMR allows any authenticated user to view all internal messages in the Message Center by accessing messages.php?show_all=yes...

This CVE describes an improper access control vulnerability where authenticated users can access resources beyond their authorized permissions. It aff...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Paid Member Subscriptions WordPress plugin. Attackers can bypass au...

This IDOR vulnerability in PHPGurukul Hospital Management System allows authenticated users to access other patients' confidential medical records by ...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in Graylog API version 2.2.3 where authenticated users can modify user IDs...

MarkUs versions before 2.9.1 contain an authorization bypass vulnerability where users can access arbitrary student submission files by manipulating t...

StudioCMS versions before 0.2.0 contain a Broken Object Level Authorization vulnerability that allows users with the 'Visitor' role to access draft co...

This CVE describes an authorization bypass vulnerability in the Contact Form Email WordPress plugin where attackers can access or manipulate data by c...

AVideo versions before 20.1 contain an insecure direct object reference (IDOR) vulnerability that allows any authenticated user to delete media files ...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Essential Real Estate WordPress plugin that allows attackers to byp...

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the FAPI Member WordPress plugin that allows attackers to bypass author...

This CVE describes an authorization bypass vulnerability in Tuleap's file release system. Attackers can access file release information in projects th...

An Insecure Direct Object Reference (IDOR) vulnerability in EduplusCampus 3.0.1 allows authenticated users to access other students' personal and fina...

This vulnerability allows attackers to generate unlimited valid licenses for the GAMS licensing system by exploiting an insecure checksum algorithm. A...