
CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1033

1033 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI-generated Chinese analysis included. Scores and severities marked "(AI)" are AI-estimated rather than vendor- or NVD-assigned; "-" means no severity was assigned.

CVE ID | Title | Product | CVSS | Severity | Published
CVE-2026-22396 | WordPress Fiorello theme <= 1.0 - Insecure Direct Object References (IDOR) vulnerability | Fiorello | 5.4 | Medium | 2026-01-22
CVE-2026-22391 | WordPress Cocco theme <= 1.5.1 - Insecure Direct Object References (IDOR) vulnerability | Cocco | 5.4 | Medium | 2026-01-22
CVE-2025-47555 | WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability | Tutor LMS | 3.8 | Low | 2026-01-22
CVE-2025-10855 | IDOR in Solvera Software's Teknoera | Teknoera | 7.5 | High | 2026-01-22
CVE-2025-10024 | IDOR in EXERT Computer Technologies' Education Management System | Education Management System | 7.5 | High | 2026-01-22
CVE-2026-23754 | D-Link D-View 8 IDOR Allows Credential Disclosure and Account Takeover | D-View 8 | 8.8 (AI) | High (AI) | 2026-01-21
CVE-2025-15521 | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution <= 3.5.0 - Unauthenticated Privilege Escalation via Account Takeover | Academy LMS – WordPress LMS Plugin for Complete eLearning Solution | 9.8 | Critical | 2026-01-21
CVE-2026-23843 | teklifolustur_app's IDOR vulnerability allows unauthorized access to other users' offers | teklifolustur_app | 7.1 | High | 2026-01-19
CVE-2025-14844 | Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure | Membership Plugin – Restrict Content | 8.2 | High | 2026-01-16
CVE-2025-15370 | Shield Security <= 21.0.9 - Authenticated (Subscriber+) Insecure Direct Object Reference to Disable Google Authenticator | Shield: Blocks Bots, Protects Users, and Prevents Security Breaches | 4.3 | Medium | 2026-01-16
CVE-2025-68492 | Chainlit security vulnerability | Chainlit | 4.3 (AI) | Medium (AI) | 2026-01-14
CVE-2025-40805 | Siemens Industrial Edge Devices security vulnerability | Industrial Edge Cloud Device (IECD) | 10.0 | Critical | 2026-01-13
CVE-2025-41077 | Multiple vulnerabilities in Viafirma products | Inbox | 7.1 (AI) | High (AI) | 2026-01-12
CVE-2025-69274 | Spectrum broken authorization scheme | DX NetOps Spectrum | 7.8 (AI) | High (AI) | 2026-01-12
CVE-2025-13457 | WooCommerce Square <= 5.1.1 - Unauthenticated Insecure Direct Object Reference to Sensitive Information Exposure in get_token_by_id | WooCommerce Square | 7.5 | High | 2026-01-10
CVE-2026-22589 | Spree API has Unauthenticated IDOR - Guest Address | spree | 7.5 | High | 2026-01-10
CVE-2026-21409 | RICOH Streamline NX security vulnerability | RICOH Streamline NX | 5.9 | - | 2026-01-09
CVE-2026-22588 | Spree API has Authenticated Insecure Direct Object Reference (IDOR) via Order Modification | spree | 6.5 | Medium | 2026-01-08
CVE-2026-22235 | OPEXUS eComplaint IDOR | eComplaint | 7.5 | High | 2026-01-08
CVE-2026-22234 | OPEXUS eCasePortal unauthenticated IDOR | eCase Portal | 9.8 | Critical | 2026-01-08
CVE-2026-22489 | WordPress Image Slider Slideshow plugin <= 1.8 - Insecure Direct Object References (IDOR) vulnerability | Image Slider Slideshow | 4.3 | Medium | 2026-01-08
CVE-2025-4596 | Information disclosure via IDOR in Asseco AMDX | AMDX | 4.3 | - | 2026-01-08
CVE-2025-67919 | WordPress Woffice Core plugin <= 5.4.30 - Insecure Direct Object References (IDOR) vulnerability | Woffice Core | 6.5 | Medium | 2026-01-08
CVE-2025-15018 | Optional Email <= 1.3.11 - Unauthenticated Privilege Escalation to Account Takeover | Optional Email | 9.8 | Critical | 2026-01-07
CVE-2025-12030 | ACF to REST API <= 3.3.4 - Insecure Direct Object Reference to Authenticated (Contributor+) ACF Field/Option Modification | ACF to REST API | 4.3 | Medium | 2026-01-07
CVE-2025-14802 | LearnPress – WordPress LMS Plugin <= 4.3.2.2 - Insecure Direct Object Reference to Authenticated (Instructor+) Teacher Material Deletion | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 5.4 | Medium | 2026-01-07
CVE-2020-36923 | Sony BRAVIA Digital Signage 1.7.8 Client-Side Protection Bypass via IDOR | Sony BRAVIA Digital Signage | 9.8 | Critical | 2026-01-06
CVE-2025-14996 | AS Password Field In Default Registration Form <= 2.0.0 - Unauthenticated Privilege Escalation via Account Takeover | AS Password Field In Default Registration Form | 9.8 | Critical | 2026-01-06
CVE-2025-15001 | FS Registration Password <= 1.0.1 - Unauthenticated Privilege Escalation via Account Takeover | FS Registration Password | 9.8 | Critical | 2026-01-06
CVE-2025-68044 | WordPress Five Star Restaurant Reservations plugin <= 2.7.4 - Insecure Direct Object References (IDOR) vulnerability | Five Star Restaurant Reservations | 8.6 | High | 2026-01-05

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1033 CVEs. The CWE entry describes the weakness class only; review each individual CVE for product-specific impact.