CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1038

1038 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-11176 | Quick Featured Images <= 13.7.2 - Insecure Direct Object Reference to Image Manipulation — Quick Featured Images | 4.3 | Medium | 2025-10-15 |
| CVE-2025-40773 | Siemens SiPass integrated security vulnerability — SiPass integrated | 3.5 | Low | 2025-10-14 |
| CVE-2025-62252 | Liferay Portal and Liferay DXP security vulnerability — Portal | 6.5 AI | Medium AI | 2025-10-13 |
| CVE-2025-62241 | Liferay DXP security vulnerability — DXP | 4.3 AI | Medium AI | 2025-10-13 |
| CVE-2025-62242 | Liferay Portal and Liferay DXP security vulnerability — Portal | 4.3 AI | Medium AI | 2025-10-13 |
| CVE-2025-62244 | Liferay Portal and Liferay DXP security vulnerability — Portal | 6.5 AI | Medium AI | 2025-10-13 |
| CVE-2025-9902 | IDOR in Akınsoft QRMenu — QRMenu | 7.5 | High | 2025-10-13 |
| CVE-2025-31997 | HCL Unica Centralized Offer Management is vulnerable to Insecure Direct Object References (IDOR) — Unica Centralized Offer Management | 4.2 | Medium | 2025-10-12 |
| CVE-2025-11518 | WPC Smart Wishlist for WooCommerce <= 5.0.3 - Insecure Direct Object Reference to Unauthenticated Wishlist Manipulation — WPC Smart Wishlist for WooCommerce | 5.3 | Medium | 2025-10-11 |
| CVE-2025-8887 | IDOR in Usta Information Systems' Aybs Interaktif — Aybs Interaktif | 6.1 | Medium | 2025-10-10 |
| CVE-2025-61779 | Trustee's attestation-policy endpoint is not protected by admin authentication — trustee | 4.3 AI | Medium AI | 2025-10-09 |
| CVE-2025-6038 | Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme <= 1.4.0 - Authenticated (Subscriber+) Privilege Escalation — Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme | 8.8 | High | 2025-10-09 |
| CVE-2025-43724 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 4.4 | Medium | 2025-10-08 |
| CVE-2025-40676 | Multiple vulnerabilities in BBMRI-ERIC's Negotiator — Negotiator | 7.1 AI | High AI | 2025-10-07 |
| CVE-2025-0606 | IDOR in Logo Software's Logo Cloud — Logo Cloud | 6.0 | Medium | 2025-10-06 |
| CVE-2025-11321 | zhuimengshaonian wisdom-education WrongBookController.java authorization — wisdom-education | 4.3 | Medium | 2025-10-06 |
| CVE-2025-43827 | Liferay Portal and Liferay DXP security vulnerability — Portal | 6.5 AI | Medium AI | 2025-09-30 |
| CVE-2025-41098 | Insecure Direct Object Reference in GPS BOLD Workplanner — BOLD Workplanner | 8.3 | - | 2025-09-30 |
| CVE-2025-41099 | Insecure Direct Object Reference in GPS BOLD Workplanner — BOLD Workplanner | 4.3 | - | 2025-09-30 |
| CVE-2025-41097 | Insecure Direct Object Reference in GPS BOLD Workplanner — BOLD Workplanner | 4.3 | - | 2025-09-30 |
| CVE-2025-41096 | Insecure Direct Object Reference in GPS BOLD Workplanner — BOLD Workplanner | 4.3 | - | 2025-09-30 |
| CVE-2025-41095 | Insecure Direct Object Reference in GPS BOLD Workplanner — BOLD Workplanner | 4.3 | - | 2025-09-30 |
| CVE-2025-41094 | Insecure Direct Object Reference in GPS BOLD Workplanner — BOLD Workplanner | 6.5 | - | 2025-09-30 |
| CVE-2025-41093 | Insecure Direct Object Reference in GPS BOLD Workplanner — BOLD Workplanner | 6.5 | - | 2025-09-30 |
| CVE-2025-41092 | Insecure Direct Object Reference in GPS BOLD Workplanner — BOLD Workplanner | 4.3 | - | 2025-09-30 |
| CVE-2025-41091 | Insecure Direct Object Reference in GPS BOLD Workplanner — BOLD Workplanner | 4.3 | - | 2025-09-30 |
| CVE-2025-10947 | Sistemas Pleno Gestão de Locação CPF validarCpf authorization — Gestão de Locação | 5.3 | Medium | 2025-09-25 |
| CVE-2025-9342 | IDOR in Anadolu Hayat Emeklilik's AHE Mobile — AHE Mobile | 6.5 | Medium | 2025-09-23 |
| CVE-2025-43810 | Liferay Portal and Liferay DXP security vulnerability — Portal | 4.3 AI | Medium AI | 2025-09-22 |
| CVE-2025-59562 | WordPress Academy LMS Plugin <= 3.3.4 - Insecure Direct Object References (IDOR) Vulnerability — Academy LMS | 5.5 | Medium | 2025-09-22 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1038 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.