
CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1041

1041 vulnerabilities are classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI-generated Chinese analysis is included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-20513 | Cisco AnyConnect VPN security vulnerability | Cisco Meraki MX Firmware | 5.8 | Medium | 2024-10-02 |
| CVE-2024-39319 | aimeos/ai-controller-frontend has IDOR vulnerability in account profile page | ai-controller-frontend | - | - (AI) | 2024-09-26 |
| CVE-2024-8290 | WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible <= 6.7.12 - Insecure Direct Object Reference to Account Takeover/Privilege Escalation | WCFM – Frontend Manager for WooCommerce | 8.8 | High | 2024-09-25 |
| CVE-2024-8485 | REST API TO MiniProgram <= 4.7.1 - Unauthenticated Arbitrary User Email Update and Privilege Escalation via Account Takeover | REST API TO MiniProgram | 9.8 | Critical | 2024-09-25 |
| CVE-2024-8791 | Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress <= 1.8.1.14 - Insecure Direct Object Reference to Account Takeover and Privilege Escalation | Charitable – Donation Plugin for WordPress – Fundraising with Recurring Donations & More | 9.8 | Critical | 2024-09-24 |
| CVE-2024-45806 | Potential manipulate `x-envoy` headers from external sources in envoy | envoy | 6.5 | Medium | 2024-09-19 |
| CVE-2024-45614 | Header normalization allows for client to clobber proxy set headers in Puma | puma | 5.4 | Medium | 2024-09-19 |
| CVE-2024-46982 | Cache Poisoning in next.js | next.js | 7.5 | High | 2024-09-17 |
| CVE-2024-45605 | Improper authorization on deletion of user issue alert notifications in sentry | sentry | 6.5 | Medium | 2024-09-17 |
| CVE-2024-45606 | Improper authorization on muting of alert rules in sentry | sentry | 7.1 | High | 2024-09-17 |
| CVE-2024-6685 | Authorization Bypass Through User-Controlled Key in GitLab | GitLab | 3.1 | Low | 2024-09-16 |
| CVE-2022-3459 | WooCommerce Multiple Free Gift <= 1.2.3 - Insufficient Server-Side Validation to Arbitrary Gift Adding | WooCommerce Multiple Free Gift | 5.3 | Medium | 2024-09-14 |
| CVE-2024-6087 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | 8.8 (AI) | High (AI) | 2024-09-13 |
| CVE-2024-3306 | IDOR in Utarit Information's SoliClub | SoliClub | 9.1 (AI) | Critical (AI) | 2024-09-12 |
| CVE-2024-3305 | IDOR in Utarit Information's SoliClub | SoliClub | 7.5 (AI) | High (AI) | 2024-09-12 |
| CVE-2024-45786 | Improper Authorization Vulnerability | Mutual Fund Distribution Product (aiM-Star) | 6.5 (AI) | Medium (AI) | 2024-09-11 |
| CVE-2023-44254 | Fortinet FortiAnalyzer and FortiManager security vulnerability | FortiAnalyzer | 4.7 | Medium | 2024-09-10 |
| CVE-2024-45032 | Siemens Industrial Edge Management security vulnerability | Industrial Edge Management Pro | 10.0 | Critical | 2024-09-10 |
| CVE-2024-8601 | Improper Access Control Vulnerability in TechExcel Back Office Software | Back Office Software | 6.5 (AI) | Medium (AI) | 2024-09-09 |
| CVE-2024-8428 | ForumWP – Forum & Discussion Board Plugin <= 2.0.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Privilege Escalation via Account Takeover | ForumWP – Forum & Discussion Board | 8.8 | High | 2024-09-06 |
| CVE-2024-1744 | IDOR in Ariva Computer's Accord ORS | Accord ORS | 7.5 | - | 2024-09-06 |
| CVE-2024-8292 | WP-Recall – Registration, Profile, Commerce & More <= 16.26.8 - Insecure Direct Object Reference to Unauthenticated Arbitrary Password Update | WP-Recall – Registration, Profile, Commerce & More | 9.8 | Critical | 2024-09-06 |
| CVE-2024-8123 | The Ultimate WordPress Toolkit – WP Extended <= 3.0.8 - Insecure Direct Object Reference | The Ultimate WordPress Toolkit – WP Extended | 5.4 | Medium | 2024-09-04 |
| CVE-2024-43916 | WordPress Zephyr Project Manager plugin <= 3.3.102 - Insecure Direct Object References (IDOR) vulnerability | Zephyr Project Manager | 4.3 | Medium | 2024-08-26 |
| CVE-2024-8158 | User impersonation for lib9p based 9p fileservers | 9front | 6.8 (AI) | Medium (AI) | 2024-08-25 |
| CVE-2024-7848 | User Private Files <= 2.1.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private File Access | File Sharing & Download Manager – User Private Files | 4.3 | Medium | 2024-08-22 |
| CVE-2024-43239 | WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability | Masteriyo - LMS | 4.3 | Medium | 2024-08-18 |
| CVE-2024-43266 | WordPress WP Job Portal plugin <= 2.1.8 - Insecure Direct Object References (IDOR) vulnerability | WP Job Portal | 5.4 | Medium | 2024-08-18 |
| CVE-2024-43288 | WordPress wpForo Forum plugin <= 2.3.4 - Insecure Direct Object References (IDOR) vulnerability | wpForo Forum | 4.3 | Medium | 2024-08-18 |
| CVE-2024-43315 | WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability | Stripe Payments For WooCommerce by Checkout | 7.5 | High | 2024-08-18 |

Entries marked "(AI)" carry an AI-assigned CVSS score and severity rather than a vendor- or NVD-assigned one; "-" marks a value not available at the time of listing.

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) account for 1041 CVEs. The CWE entry describes the weakness class only; review each CVE individually for its product-specific impact.