CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1040

1040 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-3889 | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity' — Simple Shopping Cart | 5.3 | Medium | 2025-05-01 |
| CVE-2025-3874 | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference — Simple Shopping Cart | 6.5 | Medium | 2025-05-01 |
| CVE-2025-3640 | Moodle: idor in web service allows users enrolled in a course to access some details of other users | 4.3 | Medium | 2025-04-25 |
| CVE-2025-3636 | Moodle: idor in moodle rss block allows unauthorized access to rss feeds | 4.3 | Medium | 2025-04-25 |
| CVE-2025-3625 | Moodle: user dos and name disclosure via idor in moodle mfa email factor revoke action | 7.1 | High | 2025-04-25 |
| CVE-2025-1284 | Woocommerce Automatic Order Printing \| ( Formerly WooCommerce Google Cloud Print) <= 4.1 - Insecure Direct Object Reference to Authenticated (Subscriber+) Order Information Disclosure — Woocommerce Automatic Order Printing \| ( Formerly WooCommerce Google Cloud Print) | 4.3 | Medium | 2025-04-24 |
| CVE-2025-42605 | Improper Access Control Vulnerability in Meon Bidding Solutions — Bidding Solutions | 4.3 | - | 2025-04-23 |
| CVE-2025-3519 | Replace uploaded files knowing the file upload ID — Unblu Spark | 6.5 | - | 2025-04-22 |
| CVE-2025-39434 | WordPress Avatar plugin <= 0.1.4 - Insecure Direct Object References (IDOR) vulnerability — Avatar | 4.3 | Medium | 2025-04-17 |
| CVE-2025-27929 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-24315 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27561 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-30257 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31147 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31360 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 6.5 | Medium | 2025-04-15 |
| CVE-2025-27927 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-24850 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-25276 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27565 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27575 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31950 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31945 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-26857 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27719 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31654 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-30514 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27938 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27939 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 7.5 | High | 2025-04-15 |
| CVE-2025-30254 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-27568 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key — Cloud portal | 5.3 | Medium | 2025-04-15 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1040 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.