CWE-639 CVEs and Security Vulnerabilities

Filtered by CWE-639

Search

Switch to Advanced Search (Beta)

Total 1329 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2025-69030	3 Mikado-themes, Qodeinteractive, Wordpress	3 Backpack Traveler, Backpack Traveler, Wordpress	2026-01-29	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Backpack Traveler backpacktraveler allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Backpack Traveler: from n/a through <= 2.10.3.
CVE-2020-16194	1 Store-opart	1 Op\'art Devis	2026-01-27	5.3 Medium
An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. Unauthenticated attackers can have access to any user's invoice and delivery address by exploiting an IDOR on the delivery_address and invoice_address fields.
CVE-2026-1213	1 Askbot	1 Askbot	2026-01-27	N/A
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.
CVE-2026-22411	2 Mikado-themes, Wordpress	2 Dolcino, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Dolcino dolcino allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Dolcino: from n/a through <= 1.6.
CVE-2026-22409	2 Mikado-themes, Wordpress	2 Justicia, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Justicia justicia allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Justicia: from n/a through <= 1.2.
CVE-2026-22407	2 Mikado-themes, Wordpress	2 Roam, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Roam roam allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Roam: from n/a through <= 2.1.1.
CVE-2026-22406	2 Mikado-themes, Wordpress	2 Overton, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Overton overton allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Overton: from n/a through <= 1.3.
CVE-2026-22391	2 Mikado-themes, Wordpress	2 Cocco, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Cocco cocco allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cocco: from n/a through <= 1.5.1.
CVE-2026-22404	2 Mikado-themes, Wordpress	2 Innovio, Wordpress	2026-01-27	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Innovio innovio allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Innovio: from n/a through <= 1.7.
CVE-2025-14459	1 Redhat	1 Container Native Virtualization	2026-01-27	8.5 High
A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism.
CVE-2025-9520	1 Tp-link	1 Omada Controller	2026-01-27	N/A
An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.
CVE-2025-47555	2 Themeum, Wordpress	2 Tutor Lms, Wordpress	2026-01-26	8.1 High
Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS tutor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Tutor LMS: from n/a through <= 3.9.4.
CVE-2026-22400	2 Mikado-themes, Wordpress	2 Holmes, Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Holmes holmes allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Holmes: from n/a through <= 1.7.
CVE-2026-22398	2 Mikado-themes, Wordpress	2 Fleur, Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fleur fleur allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fleur: from n/a through <= 2.0.
CVE-2026-22396	2 Mikado-themes, Wordpress	2 Fiorello, Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Fiorello fiorello allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fiorello: from n/a through <= 1.0.
CVE-2026-22393	2 Mikado-themes, Wordpress	2 Curly, Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Curly curly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Curly: from n/a through <= 3.3.
CVE-2026-22430	2 Mikado-themes, Wordpress	2 Verdure, Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Verdure verdure allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Verdure: from n/a through <= 1.6.
CVE-2026-22426	1 Wordpress	1 Wordpress	2026-01-26	5.4 Medium
Authorization Bypass Through User-Controlled Key vulnerability in Elated-Themes Sweet Jane sweetjane allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sweet Jane: from n/a through <= 1.2.
CVE-2026-24379	2 Wordpress, Wpjobportal	2 Wordpress, Wp Job Portal	2026-01-26	9.1 Critical
Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3.
CVE-2024-47495	1 Juniper	2 Junos Evolved, Junos Os Evolved	2026-01-26	6.7 Medium
An Authorization Bypass Through User-Controlled Key vulnerability allows a locally authenticated attacker with shell access to gain full control of the device when Dual Routing Engines (REs) are in use on Juniper Networks Junos OS Evolved devices. This issue affects: Juniper Networks Junos OS Evolved with dual-REs: * All versions before 21.2R3-S8-EVO, * from 21.4-EVO before 21.4R3-S8-EVO, * from 22.2-EVO before 22.2R3-S4-EVO, * from 22.3-EVO before 22.3R3-S4-EVO, * from 22.4-EVO before 22.4R3-S3-EVO, * from 23.2-EVO before 23.2R2-S1-EVO, * from 23.4-EVO before 23.4R2-S1-EVO. This issue does not affect Juniper Networks Junos OS.

« first previous Page 8 of 67. next last »