CWE-639 (通过用户控制密钥绕过授权机制) — Vulnerability Class 1040

1040 vulnerabilities classified as CWE-639 (通过用户控制密钥绕过授权机制). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-57886	WordPress Accessibility Checker by Equalize Digital Plugin <= 1.30.0 - Insecure Direct Object References (IDOR) Vulnerability — Accessibility Checker by Equalize Digital	5.4	Medium	2025-08-22
CVE-2025-5261	IDOR in PozitifIK's Pik Online — Pik Online	7.5	High	2025-08-20
CVE-2025-53208	WordPress Maya Business <= 1.2.0 - Insecure Direct Object References (IDOR) Vulnerability — Maya Business	7.5	High	2025-08-20
CVE-2025-55737	flaskBlog arbitrary comment delete — FlaskBlog	6.5	-	2025-08-19
CVE-2025-43732	Liferay Portal和Liferay DXP 安全漏洞 — Portal	6.5^AI	Medium^AI	2025-08-18
CVE-2025-54691	WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability — Motors	5.3	Medium	2025-08-14
CVE-2025-8770	Authorization Bypass Through User-Controlled Key in GitLab — GitLab	6.5	Medium	2025-08-13
CVE-2025-3089	Broken Access Control in ServiceNow AI Platform — ServiceNow AI Platform	6.5^AI	Medium^AI	2025-08-12
CVE-2025-8794	LitmusChaos Litmus LocalStorage authorization — Litmus	5.3	Medium	2025-08-10
CVE-2025-8789	Portabilis i-Educar API Endpoint Diario authorization — i-Educar	4.3	Medium	2025-08-10
CVE-2025-8755	macrozheng mall com.macro.mall.portal.controller UmsMemberController.java detail authorization — mall	5.3	Medium	2025-08-09
CVE-2025-4796	Eventin <= 4.0.34 - Authenticated (Contributor+) Privilege Escalation via User Email Change/Account Takeover — Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered)	8.8	High	2025-08-08
CVE-2025-36023	IBM Cloud Pak for Business Automation security bypass — Cloud Pak for Business Automation	6.5	Medium	2025-08-08
CVE-2025-46387	Emby MediaBrowser 安全漏洞 — MediaBrowser	8.8	High	2025-08-06
CVE-2025-46386	Emby MediaBrowser 安全漏洞 — MediaBrowser	8.8	High	2025-08-06
CVE-2025-5947	Service Finder Bookings <= 6.0 - Authentication Bypass via User Switch Cookie — Service Finder Bookings	9.8	Critical	2025-08-01
CVE-2025-53357	GLPI permits reservation modification by unauthorized users — glpi	5.4	Medium	2025-07-30
CVE-2025-52448	Salesforce Tableau Server 安全漏洞 — Tableau Server	8.1	-	2025-07-25
CVE-2025-52447	Salesforce Tableau 安全漏洞 — Tableau Server	8.1	-	2025-07-25
CVE-2025-52446	Salesforce Tableau 安全漏洞 — Tableau Server	8.1	-	2025-07-25
CVE-2025-34140	ETQ Reliance CG/NXG API Authorization Bypass via ;localized-text URI Suffix — Reliance CG (legacy)	5.3	-	2025-07-22
CVE-2025-7900	Insecure Direct Object Reference in extension "femanager" (femanager) — Extension "femanager"	4.3	-	2025-07-22
CVE-2025-7899	Insecure Direct Object Reference in extension "powermail" (powermail) — Extension "powermail"	7.5	-	2025-07-22
CVE-2025-7938	jerryshensjf JPACookieShop 蛋糕商城JPA版 GoodsController.java updateGoods authorization — JPACookieShop 蛋糕商城JPA版	4.3	Medium	2025-07-21
CVE-2025-4129	IDOR in PAVO Inc.'s PAVO Pay — PAVO Pay	7.5	High	2025-07-21
CVE-2025-4040	IDOR in Turpak's Automatic Station Monitoring System — Automatic Station Monitoring System	7.1	High	2025-07-21
CVE-2025-2301	IDOR in Akbim Software's Online Exam Registration — Online Exam Registration	4.4	Medium	2025-07-21
CVE-2025-5681	IDOR in Turtek Software's Eyotek — Eyotek	6.5	Medium	2025-07-21
CVE-2025-1469	IDOR in Turtek Software's Eyotek — Eyotek	7.5	High	2025-07-21
CVE-2024-13175	IDOR in Vidco Software's VOC TESTER — VOC TESTER	5.5	Medium	2025-07-18

Vulnerabilities classified as CWE-639 (通过用户控制密钥绕过授权机制) represent 1040 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-639 (通过用户控制密钥绕过授权机制) — Vulnerability Class 1040