
CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1038

1038 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-49135 | CVAT missing validation for in-progress backup upload names | cvat | 6.5 (AI) | Medium (AI) | 2025-06-25 |
| CVE-2025-3091 | MB connect line: Authorization bypass in mbCONNECT24/mymbCONNECT24 | mbCONNECT24 | 7.5 | High | 2025-06-24 |
| CVE-2025-49978 | WordPress JobSearch plugin < 3.0.6 - Insecure Direct Object References (IDOR) Vulnerability | JobSearch | 4.3 | Medium | 2025-06-20 |
| CVE-2025-49995 | WordPress Download Attachments plugin <= 1.3.1 - Insecure Direct Object References (IDOR) vulnerability | Download Attachments | 5.3 | Medium | 2025-06-20 |
| CVE-2025-6329 | ScriptAndTools Real Estate Management System User Delete userdelete.php authorization | Real Estate Management System | 5.4 | Medium | 2025-06-20 |
| CVE-2025-5195 | Authorization Bypass Through User-Controlled Key in GitLab | GitLab | 4.3 | Medium | 2025-06-12 |
| CVE-2024-45329 | Fortinet FortiPortal security vulnerability | FortiPortal | 3.9 | Medium | 2025-06-10 |
| CVE-2025-40661 | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | DM Corporative CMS | 6.5 (AI) | Medium (AI) | 2025-06-10 |
| CVE-2025-40660 | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | DM Corporative CMS | 6.5 (AI) | Medium (AI) | 2025-06-10 |
| CVE-2025-40659 | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | DM Corporative CMS | 6.5 (AI) | Medium (AI) | 2025-06-10 |
| CVE-2025-40658 | Insecure Direct Object Reference (IDOR) vulnerability in DM Corporative CMS | DM Corporative CMS | 6.5 (AI) | Medium (AI) | 2025-06-10 |
| CVE-2025-4691 | Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking <= 1.3.21 - Insecure Direct Object Reference to Sensitive Information Exposure | eaSYNC Booking – Hotels, Restaurants & Car Rentals | 5.3 | Medium | 2025-05-31 |
| CVE-2025-40650 | Insecure Direct Object Reference (IDOR) in Clickedu | Clickedu | 4.3 (AI) | Medium (AI) | 2025-05-26 |
| CVE-2025-5182 | Summer Pearl Group Vacation Rental Management Platform Listing authorization | Vacation Rental Management Platform | 4.3 | Medium | 2025-05-26 |
| CVE-2025-20114 | Cisco Unified Intelligence Center Insecure Direct Object Reference Vulnerability | Cisco Unified Contact Center Express | 4.3 | Medium | 2025-05-21 |
| CVE-2025-24969 | iTop portal user can see any other contact's picture | iTop | 5.0 | Medium | 2025-05-14 |
| CVE-2024-52601 | iTop portal Insecure Direct Object Reference vulnerability | iTop | 6.5 | Medium | 2025-05-14 |
| CVE-2025-3769 | Latepoint <= 5.1.92 - Unauthenticated Insecure Direct Object Reference | LatePoint – Calendar Booking Plugin for Appointments and Events | 5.3 | Medium | 2025-05-14 |
| CVE-2024-8988 | PeepSo Core: File Uploads <= 6.4.6.0 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Exposure via file_download | PeepSo Core: File Uploads | 5.3 | Medium | 2025-05-14 |
| CVE-2025-3605 | Frontend Login and Registration Blocks <= 1.1.1 - Unauthenticated Privilege Escalation via Account Takeover | Login, Registration and Lost Password Blocks | 9.8 | Critical | 2025-05-09 |
| CVE-2025-3811 | WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Email Update | WPBookit | 9.8 | Critical | 2025-05-09 |
| CVE-2025-3810 | WPBookit <= 1.0.2 - Insecure Direct Object Reference to Unauthenticated Privilege Escalation via Account Takeover | WPBookit | 9.8 | Critical | 2025-05-09 |
| CVE-2025-20214 | Cisco IOS XE security vulnerability | Cisco IOS XE Software | 4.3 | Medium | 2025-05-07 |
| CVE-2025-3853 | WPshop 2 – E-Commerce 2.0.0 - 2.6.0 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Key Generation | WPshop 2 – E-Commerce | 6.5 | Medium | 2025-05-07 |
| CVE-2025-3281 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.2.1 - Insecure Direct Object Reference to Unauthenticated Limited User Deletion | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 5.3 | Medium | 2025-05-06 |
| CVE-2025-3610 | Reales WP STPT <= 2.1.2 - Authenticated (Subscriber+) Privilege Escalation via Password Update | Reales WP STPT | 8.8 | High | 2025-05-06 |
| CVE-2025-4210 | Casdoor SCIM User Creation Endpoint scim.go HandleScim authorization | Casdoor | 7.3 | High | 2025-05-02 |
| CVE-2025-1327 | Homey - Booking and Rentals WordPress Theme <= 2.4.4 - Insecure Direct Object Reference to Authenticated (Subscriber+) Arbitrary User Deletion | Homey | 4.3 | Medium | 2025-05-02 |
| CVE-2025-3889 | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference via 'quantity' | Simple Shopping Cart | 5.3 | Medium | 2025-05-01 |
| CVE-2025-3874 | WordPress Simple PayPal Shopping Cart <= 5.1.3 - Insecure Direct Object Reference | Simple Shopping Cart | 6.5 | Medium | 2025-05-01 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1038 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.