CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1038

1038 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2021-41111 | Authorization Bypass Through User-Controlled Key in Rundeck — rundeck | 6.4 | Medium | 2022-02-28 |
| CVE-2022-0691 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parse | 9.1 | - | 2022-02-21 |
| CVE-2022-0686 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parse | 9.1 | - | 2022-02-20 |
| CVE-2022-0639 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parse | 9.1 | - | 2022-02-17 |
| CVE-2022-0613 | Authorization Bypass Through User-Controlled Key in medialize/uri.js — medialize/uri.js | 7.4 | - | 2022-02-16 |
| CVE-2022-0512 | Authorization Bypass Through User-Controlled Key in unshiftio/url-parse — unshiftio/url-parse | 9.1 | - | 2022-02-14 |
| CVE-2021-25096 | IP2Location Country Blocker < 2.26.5 - Ban Bypass — IP2Location Country Blocker | 6.5 | - | 2022-02-07 |
| CVE-2022-0266 | Authorization Bypass Through User-Controlled Key in livehelperchat/livehelperchat — livehelperchat/livehelperchat | 6.8 | - | 2022-01-19 |
| CVE-2021-3852 | Authorization Bypass Through User-Controlled Key in weseek/growi — weseek/growi | 8.1 | - | 2022-01-12 |
| CVE-2021-44160 | Cardinal Tien Hospital Health Report System - Authorization Bypass Through User-Controlled Key — Health Report System | 7.3 | High | 2021-12-29 |
| CVE-2021-24739 | Logo Carousel < 3.4.2 - Unauthorised Private Post Access — Logo Carousel – Logo Slider, Logo Showcase, and Clients Logo Gallery | 8.1 | - | 2021-12-21 |
| CVE-2021-43820 | Permissions check bypass in Seafile — seafile-server | 7.4 | High | 2021-12-14 |
| CVE-2021-3964 | Authorization Bypass Through User-Controlled Key in elgg/elgg — elgg/elgg | 8.1 | - | 2021-12-01 |
| CVE-2021-36329 | Dell Emc Streaming Data Platform security vulnerability — Dell EMC Streaming Data Platform | 6.5 | Medium | 2021-11-30 |
| CVE-2021-24892 | Advanced Forms < 1.6.9 - Subscriber+ Arbitrary User Email Address Update via IDOR — Advanced Forms Ppro | 8.8 | - | 2021-11-23 |
| CVE-2021-22967 | PortlandLabs Concrete CMS security vulnerability — https://github.com/concrete5/concrete5 | 7.5 | - | 2021-11-19 |
| CVE-2021-22951 | PortlandLabs Concrete CMS security vulnerability — https://github.com/concrete5/concrete5 | 7.5 | - | 2021-11-19 |
| CVE-2021-24840 | Squaretype Modern Blog < 3.0.4 - Unauthenticated Private/Schedule Posts Disclosure — Squaretype | 5.3 | - | 2021-11-08 |
| CVE-2021-39225 | Missing permission check on Deck API — security-advisories | 8.1 | High | 2021-10-25 |
| CVE-2021-40355 | Teamcenter code issue vulnerability — Teamcenter V12.4 | 8.8 | - | 2021-09-14 |
| CVE-2021-37184 | Siemens Industrial Edge Management authorization issue vulnerability — Industrial Edge Management | 9.1 | - | 2021-09-14 |
| CVE-2021-37628 | File Drop can be bypassed using Richdocuments app in nextcloud — security-advisories | 7.5 | High | 2021-09-07 |
| CVE-2021-37630 | Secret Circle can be joined without approval in Nextcloud Circles — security-advisories | 6.5 | Medium | 2021-09-07 |
| CVE-2021-37631 | Circle can be accessed by non-Circle members in Nextcloud Deck — security-advisories | 6.5 | Medium | 2021-09-07 |
| CVE-2021-24562 | LifterLMS < 4.21.2 - Access Other Student Grades/Answers via IDOR — LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress | 7.5 | - | 2021-08-23 |
| CVE-2021-36801 | Akaunting Authentication Bypass in Company Selection — Akaunting | 8.1 | High | 2021-08-04 |
| CVE-2021-24473 | User Profile Picture < 2.6.0 - Arbitrary User Picture Change/Deletion via IDOR — User Profile Picture | 5.4 | - | 2021-08-02 |
| CVE-2021-32744 | Unauthenticated attacker could gain access to currently open files — online | 9.8 | Critical | 2021-07-21 |
| CVE-2021-24374 | Jetpack < 9.8 - Carousel Module Non-Published Page/Post Attachment Comment Leak — Jetpack – WP Security, Backup, Speed, & Growth | 5.3 | - | 2021-06-21 |
| CVE-2021-32654 | Attacker can obtain write access to any federated share/public link — security-advisories | 8.1 | High | 2021-06-01 |

1038 CVEs are classified as CWE-639 (Authorization Bypass Through User-Controlled Key). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.