CWE-639: CWE-639
All CWE-639 CVEs (519)
The WPC Smart Quick View for WooCommerce WordPress plugin has an information disclosure vulnerability that allows unauthenticated attackers to access ...
Oct 18, 2025

The WPC Smart Wishlist for WooCommerce WordPress plugin has an Insecure Direct Object Reference vulnerability that allows unauthenticated attackers to...
Oct 11, 2025

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Stylemix Motors WordPress plugin that allows attackers to bypass au...
Aug 14, 2025

The Free Booking Plugin for WordPress is vulnerable to Insecure Direct Object Reference (IDOR) allowing unauthenticated attackers to view any booking ...
May 31, 2025

This vulnerability allows unauthenticated attackers to access appointment details including customer names and email addresses through the LatePoint W...
May 14, 2025

An unauthenticated attacker can access other users' charger information through an authorization bypass vulnerability. This affects systems with vulne...
Apr 15, 2025

This vulnerability allows unauthenticated attackers to enumerate smart devices by querying an unprotected API with a known username. It affects system...
Apr 15, 2025

An unauthenticated attacker can retrieve EV charger version information and firmware upgrade history by knowing the charger's identifier. This informa...
Apr 15, 2025

Unauthenticated attackers can rename rooms belonging to arbitrary users in affected systems. This authorization bypass vulnerability allows attackers ...
Apr 15, 2025

This vulnerability allows an attacker to export other users' plant information from affected systems, potentially exposing sensitive operational data....
Apr 15, 2025

This vulnerability allows unauthenticated attackers to enumerate smart devices by knowing a valid username. It affects systems that expose smart devic...
Apr 15, 2025

This vulnerability allows unauthenticated attackers to retrieve a user's plant list by simply knowing their username. It affects systems using vulnera...
Apr 15, 2025

An unauthenticated attacker can retrieve smart meter serial numbers using only the owner's username, bypassing authentication requirements. This affec...
Apr 15, 2025

Unauthenticated attackers can access information about smart device collections (rooms) that should be restricted. This affects systems running vulner...
Apr 15, 2025

This vulnerability allows unauthenticated attackers to determine which usernames exist in a system by querying a specific API. This affects systems ru...
Apr 15, 2025

An improper access control vulnerability in LibreChat allows authenticated users to delete other users' prompts by manipulating the groupid parameter....
Mar 20, 2025

This vulnerability allows unauthenticated attackers to upload arbitrary images to WordPress listings via the Business Directory Plugin. All WordPress ...
Mar 13, 2025

This vulnerability in GitLab Enterprise Edition allows Guest users to read Security policy YAML files, potentially exposing sensitive security configu...
Mar 3, 2025

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Amelia WordPress booking plugin. Attackers can bypass authorization...
Feb 25, 2025

This vulnerability allows unauthenticated attackers to download user resumes without authorization in the WP Job Portal WordPress plugin. It affects a...
Feb 1, 2025

This vulnerability allows unauthenticated attackers to delete arbitrary company logos in the WP Job Portal WordPress plugin due to missing validation ...
Feb 1, 2025

The Post Duplicator WordPress plugin allows authenticated attackers with Contributor-level access or higher to duplicate password-protected, private, ...
Jan 11, 2025

This vulnerability in the WordPress Content No Cache plugin allows unauthenticated attackers to access password-protected, private, or draft posts tha...
Dec 24, 2024

The Cowidgets – Elementor Addons WordPress plugin has an information exposure vulnerability that allows authenticated attackers with Contributor-lev...
Nov 9, 2024

This vulnerability in the Aimeos frontend controller package allows attackers to disable subscriptions and reviews belonging to other customers throug...
Sep 26, 2024

This vulnerability allows attackers to bypass authorization controls in Propovoice CRM by manipulating user-controlled keys, enabling unauthorized acc...
Aug 18, 2024

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the KiviCare WordPress plugin. It allows authenticated users to bypass ...
Jun 8, 2024

This vulnerability allows attackers to bypass authorization controls in the SEOPress WordPress plugin by manipulating user-controlled keys. It affects...
May 6, 2024

CVE-2023-24842 is an insufficient access control vulnerability in HGiga MailSherlock that allows unauthenticated remote attackers to view other users'...
Mar 27, 2023

An Insecure Direct Object Reference (IDOR) vulnerability in BlackBerry AtHoc Management Console version 7.21 allows attackers to access information ab...
Nov 19, 2025

This vulnerability allows remote attackers with low-privilege accounts to bypass authorization controls and read sensitive data via crafted HTTP reque...
Sep 10, 2024

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the JobBoard Job Listing WordPress plugin that allows attackers to bypa...
Apr 1, 2025

This vulnerability involves locale-specific case conversion inconsistencies in Java's String.toLowerCase() and String.toUpperCase() methods, which can...
Dec 2, 2024

CVE-2025-0670 is an authorization bypass vulnerability in Akinsoft ProKuafor software that allows attackers to access resources by manipulating user-c...
Sep 2, 2025

CVE-2025-0640 is an authorization bypass vulnerability in Akinsoft OctoCloud that allows attackers to access resources they shouldn't have permission ...
Sep 2, 2025

This vulnerability allows a high-privileged attacker with local access to bypass authorization controls in Dell PowerScale OneFS, potentially gaining ...
Oct 8, 2025

This CVE describes an authorization bypass vulnerability in Akbim Software Online Exam Registration where attackers can manipulate user-controlled key...
Jul 21, 2025

An authenticated attacker can bypass pipeline authorization controls in GitLab by using specially crafted naming conventions. This vulnerability affec...
May 23, 2024

The Booking Calendar plugin for WordPress has an Insecure Direct Object Reference vulnerability that allows authenticated attackers with Subscriber-le...
Feb 18, 2026

This vulnerability allows authenticated Kanboard users to access swimlane data from projects they shouldn't have permission to view. It affects all Ka...
Feb 10, 2026

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to modify other users' membership payment data in the W...
Feb 10, 2026

This vulnerability in OpenProject allows authenticated attackers to move meeting agenda items into different meetings they shouldn't have access to, p...
Feb 6, 2026

This vulnerability allows authenticated WordPress users with Author-level permissions or higher to access private timeline content they shouldn't see....
Feb 6, 2026

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to disable Google Authenticator two-factor authenticati...
Jan 16, 2026

A vulnerability in NetApp ONTAP with snapshot locking enabled allows privileged remote attackers to set snapshot expiry times to 'none', potentially p...
Jan 12, 2026

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the Wptexture Image Slider Slideshow WordPress plugin. Attackers can by...
Jan 8, 2026

The ACF to REST API WordPress plugin has an insecure direct object reference vulnerability that allows authenticated users with Contributor-level acce...
Jan 7, 2026

This CVE describes an Insecure Direct Object Reference (IDOR) vulnerability in the YoOhw Studio Order Cancellation & Returns for WooCommerce WordPress...
Dec 31, 2025

This CVE describes an authorization bypass vulnerability in the Crocoblock JetPopup WordPress plugin where attackers can manipulate user-controlled ke...
Dec 29, 2025

The WP JobHunt plugin for WordPress (used by JobCareer theme) has an Insecure Direct Object Reference vulnerability that allows authenticated attacker...
Dec 20, 2025

About CWE-639 (CWE-639)
Our database tracks 519 CVEs classified as CWE-639, with 63 rated critical and 165 rated high severity. The average CVSS score for CWE-639 vulnerabilities is 6.6.
External reference: View CWE-639 on MITRE CWE →