CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1040

1040 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI-generated Chinese analysis included.

CVE ID | Title | Product | CVSS | Severity | Published
CVE-2023-41368 | Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps) | S4 HANA ABAP (Manage checkbook apps) | 2.7 | Low | 2023-09-12
CVE-2023-4587 | Insecure direct object reference in ZKTeco ZEM800 | ZEM800 | 8.3 | High | 2023-09-04
CVE-2023-2173 | BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion | BadgeOS | 6.5 | Medium | 2023-08-31
CVE-2023-2172 | BadgeOS <= 3.7.1.6 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Title Overwrite | BadgeOS | 4.3 | Medium | 2023-08-31
CVE-2023-0689 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_first_name' shortcode | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 4.3 | Medium | 2023-08-31
CVE-2023-38201 | Keylime: challenge-response protocol bypass during agent registration | Red Hat Enterprise Linux 9 | 6.5 | Medium | 2023-08-25
CVE-2023-32078 | Netmaker IDOR Vulnerability Allows User to Update Other User's Password | netmaker | 7.5 | High | 2023-08-24
CVE-2023-2958 | IDOR in ATS Pro | ATS Pro | 9.8 | Critical | 2023-07-17
CVE-2023-3700 | Authorization Bypass Through User-Controlled Key in alextselegidis/easyappointments | alextselegidis/easyappointments | 6.3 | Medium | 2023-07-17
CVE-2023-2190 | Authorization Bypass Through User-Controlled Key in GitLab | GitLab | 6.5 | Medium | 2023-07-13
CVE-2023-3105 | LearnDash LMS <= 4.6.0 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change | LearnDash LMS | 8.8 | High | 2023-07-12
CVE-2023-30956 | IDOR in Foundry Comments allows retrieval of attachments | com.palantir.comments:comments | 5.3 | Medium | 2023-07-10
CVE-2023-30960 | Insecure Direct Object Reference (IDOR) in Foundry job-tracker | com.palantir.foundry.jobtracker:job-tracker | 4.3 | Medium | 2023-07-10
CVE-2023-37242 | Huawei HarmonyOS security vulnerability | HarmonyOS | 9.8 | - | 2023-07-06
CVE-2023-3063 | SP Project & Document Manager <= 4.67 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change | SP Project & Document Manager | 8.8 | High | 2023-06-30
CVE-2023-23679 | WordPress JS Help Desk – Best Help Desk & Support Plugin Plugin <= 2.7.7 is vulnerable to Insecure Direct Object References (IDOR) | JS Help Desk | 4.6 | Medium | 2023-06-23
CVE-2023-26428 | Open-Xchange OX App Suite security vulnerability | OX App Suite | 6.5 | Medium | 2023-06-20
CVE-2023-34000 | WordPress WooCommerce Stripe Payment Gateway Plugin <= 7.4.0 is vulnerable to Insecure Direct Object References (IDOR) | WooCommerce Stripe Payment Gateway | 7.5 | High | 2023-06-14
CVE-2023-3048 | IDOR in TMT's Lockcell | Lockcell | 9.8 | Critical | 2023-06-13
CVE-2023-0692 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_payment_status' shortcode | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 4.3 | Medium | 2023-06-09
CVE-2023-1889 | Directorist <= 7.5.4 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary Post Deletion in listing_task | Directorist: AI-Powered Business Directory, Listings & Classified Ads | 6.5 | Medium | 2023-06-09
CVE-2023-0691 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_last_name shortcode | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 4.3 | Medium | 2023-06-09
CVE-2023-0688 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf_thankyou shortcode | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 6.5 | Medium | 2023-06-09
CVE-2023-0693 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via 'mf_transaction_id' shortcode | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 6.5 | Medium | 2023-06-09
CVE-2023-0694 | Metform Elementor Contact Form Builder <= 3.3.1 - Authenticated (Subscriber+) Information Disclosure via mf shortcode | MetForm – Contact Form, Survey, Quiz, & Custom Form Builder for Elementor | 6.5 | Medium | 2023-06-09
CVE-2023-0985 | Helmholz and MB Connect Line: Account takeover via password reset in multiple products | mbCONNECT24 | 8.8 | High | 2023-06-06
CVE-2023-32310 | DataEase API interface has IDOR vulnerability | dataease | 8.1 | High | 2023-06-01
CVE-2023-2978 | Abstrium Pydio Cells Change Subscription authorization | Pydio Cells | 4.6 | Medium | 2023-05-30
CVE-2023-2883 | IDOR in CBOT's Chatbot | Chatbot | 8.8 | High | 2023-05-25
CVE-2023-2065 | IDOR in Armoli Technology's Cargo Tracking System | Cargo Tracking System | 8.8 | High | 2023-05-24

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) account for 1040 CVEs. The CWE taxonomy describes the weakness class only; review the individual CVEs for product-specific impact.