CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1040

1040 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-9342 | IDOR in Anadolu Hayat Emeklilik's AHE Mobile — AHE Mobile | 6.5 | Medium | 2025-09-23 |
| CVE-2025-43810 | Liferay Portal and Liferay DXP security vulnerability — Portal | 4.3 AI | Medium AI | 2025-09-22 |
| CVE-2025-59562 | WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability — Academy LMS | 5.5 | Medium | 2025-09-22 |
| CVE-2025-57994 | WordPress Upcoming Events Lists Plugin <= 1.4.0 - Insecure Direct Object References (IDOR) Vulnerability — Upcoming Events Lists | 5.4 | Medium | 2025-09-22 |
| CVE-2025-58012 | WordPress Content Mask plugin <= 1.8.5.3 - Insecure Direct Object References (IDOR) vulnerability — Content Mask | 3.8 | Low | 2025-09-22 |
| CVE-2025-0875 | IDOR in Proliz Software's OBS — OBS (Student Affairs Information System) | 6.5 | Medium | 2025-09-22 |
| CVE-2025-10759 | Webkul QloApps CSRF Token authorization — QloApps | 5.3 | Medium | 2025-09-21 |
| CVE-2025-9081 | IDOR in board file download allows any user to download any file by UUID — Mattermost | 3.1 | Low | 2025-09-19 |
| CVE-2025-43803 | Liferay Portal and Liferay DXP security vulnerability — Portal | 5.3 | - | 2025-09-19 |
| CVE-2025-8532 | IDOR in Bimser's eBA Document and Workflow Management System — eBA Document and Workflow Management System | 6.4 | Medium | 2025-09-19 |
| CVE-2025-10719 | WisdomGarden\|Tronclass - Insecure Direct Object Reference — Tronclass | 4.3 | Medium | 2025-09-19 |
| CVE-2025-5948 | Service Finder Bookings <= 6.0 - Unauthenticated Privilege Escalation via claim_business — Service Finder Bookings | 9.8 | Critical | 2025-09-19 |
| CVE-2025-10493 | Chained Quiz <= 1.3.5 - Unauthenticated Insecure Direct Object Reference via Cookie — Chained Quiz | 5.3 | Medium | 2025-09-18 |
| CVE-2025-8463 | IDOR in SecHard Information Technologies' SecHard — SecHard | 5.3 | Medium | 2025-09-17 |
| CVE-2025-8057 | IDOR in Patika Global Technologies' HumanSuite — HumanSuite | 6.5 | Medium | 2025-09-16 |
| CVE-2025-7355 | IDOR in Beefull Energy Technologies' Beefull App — Beefull App | 6.5 | Medium | 2025-09-16 |
| CVE-2025-5518 | IDOR in ArgusTech's BILGER — BILGER | 6.5 | Medium | 2025-09-16 |
| CVE-2025-43790 | Liferay Portal and Liferay DXP security vulnerability — Portal | 8.8 AI | High AI | 2025-09-11 |
| CVE-2025-43782 | Liferay Portal and Liferay DXP security vulnerability — Portal | 4.3 AI | Medium AI | 2025-09-11 |
| CVE-2025-59034 | Indico may disclose unauthorized user details access via legacy API — indico | 4.3 | Medium | 2025-09-10 |
| CVE-2025-7718 | Resideo Plugin for Resideo - Real Estate WordPress Theme <= 2.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Privilege Escalation via Account Takeover — Resideo Plugin for Resideo - Real Estate WordPress Theme | 8.8 | High | 2025-09-10 |
| CVE-2025-7049 | WPGYM - Wordpress Gym Management System <= 67.7.0 - Authenticated (Subscriber+) Privilege Escalation via Account Takeover — WPGYM - Wordpress Gym Management System | 8.8 | High | 2025-09-10 |
| CVE-2025-9114 | Doccure <= 1.5.0 - Unauthenticated Arbitrary User Password Change — Doccure | 9.8 | Critical | 2025-09-08 |
| CVE-2025-58597 | WordPress wpForo Forum Plugin <= 2.4.6 - Insecure Direct Object References (IDOR) Vulnerability — wpForo Forum | 4.3 | Medium | 2025-09-03 |
| CVE-2024-13063 | IDOR in Akinsoft's MyRezzta — MyRezzta | 6.8 | Medium | 2025-09-03 |
| CVE-2025-9836 | macrozheng mall paySuccess authorization — mall | 4.3 | Medium | 2025-09-02 |
| CVE-2025-9835 | macrozheng mall cancelUserOrder cancelOrder authorization — mall | 4.3 | Medium | 2025-09-02 |
| CVE-2025-0670 | IDOR in Akinsoft's ProKuafor — ProKuafor | 4.7 | Medium | 2025-09-02 |
| CVE-2025-0640 | IDOR in Akinsoft's OctoCloud — OctoCloud | 4.7 | Medium | 2025-09-02 |
| CVE-2025-8447 | Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access — Enterprise Server | 3.1 AI | Low AI | 2025-08-26 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1040 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.