
CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class, 1040 CVEs

1040 vulnerabilities are classified as CWE-639 (Authorization Bypass Through User-Controlled Key). The 30 most recent entries are listed below, newest first; each entry links to an AI-generated analysis in Chinese.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-24487 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31941 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31357 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31949 | Growatt Cloud portal Authorization Bypass Through User-Controlled Key | Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-31933 | Growatt Cloud Applications Authorization Bypass Through User-Controlled Key | Cloud portal | 5.3 | Medium | 2025-04-15 |
| CVE-2025-3575 | Insecure Direct Object Reference in Deporsite by T-INNOVA | Deporsite | 6.5 (AI) | Medium (AI) | 2025-04-15 |
| CVE-2025-3574 | Insecure Direct Object Reference on Deporsite by T-INNOVA | Deporsite | 6.5 (AI) | Medium (AI) | 2025-04-15 |
| CVE-2025-3282 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Unauthenticated Membership Modification | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 5.3 | Medium | 2025-04-12 |
| CVE-2025-3292 | User Registration & Membership – Custom Registration Form, Login Form, and User Profile <= 4.1.3 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Password Update | User Registration & Membership – Free & Paid Memberships, Subscriptions, Content Restriction, User Profile, Custom User Registration & Login Builder | 4.3 | Medium | 2025-04-12 |
| CVE-2025-32373 | DNN allows a registered user to enumerate and access files they should not have access to | Dnn.Platform | 6.5 | Medium | 2025-04-09 |
| CVE-2025-2526 | Streamit <= 4.0.2 - Authenticated (Subscriber+) Privilege Escalation via User Email Change/Account Takeover | Streamit | 8.8 | High | 2025-04-08 |
| CVE-2025-31867 | WordPress JS Job Manager Plugin <= 2.0.2 - Insecure Direct Object References (IDOR) vulnerability | JS Job Manager | 5.4 | Medium | 2025-04-01 |
| CVE-2025-31833 | WordPress JobBoard Job listing Plugin <= 1.2.8 - Insecure Direct Object References (IDOR) vulnerability | JobBoard Job listing | 4.9 | Medium | 2025-04-01 |
| CVE-2025-30777 | WordPress Support Genix plugin <= 1.4.11 - Insecure Direct Object References (IDOR) Vulnerability | Support Genix | 4.3 | Medium | 2025-03-27 |
| CVE-2024-13558 | NP Quote Request for WooCommerce <= 1.9.179 - Insecure Direct Object Reference to Unauthenticated Sensitive Information Disclosure | NP Quote Request for WooCommerce | 7.5 | High | 2025-03-20 |
| CVE-2024-8613 | Improper Access Control in gaizhenbiao/chuanhuchatgpt | gaizhenbiao/chuanhuchatgpt | 8.2 | - | 2025-03-20 |
| CVE-2024-11300 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | 6.5 | - | 2025-03-20 |
| CVE-2024-9617 | IDOR in danswer-ai/danswer | danswer-ai/danswer | 7.5 | - | 2025-03-20 |
| CVE-2024-7476 | Broken Access Control in lunary-ai/lunary | lunary-ai/lunary | 6.5 | - | 2025-03-20 |
| CVE-2024-11167 | Improper Access Control in danny-avila/librechat | danny-avila/librechat | 4.3 | - | 2025-03-20 |
| CVE-2024-7040 | Improper Access Control in open-webui/open-webui | open-webui/open-webui | 2.7 | - | 2025-03-20 |
| CVE-2024-12880 | Partial Account Takeover due to Insecure Data Querying in infiniflow/ragflow | infiniflow/ragflow | 8.1 | - | 2025-03-20 |
| CVE-2024-10366 | IDOR in delete attachments in danny-avila/librechat | danny-avila/librechat | 4.3 | - | 2025-03-20 |
| CVE-2024-11137 | IDOR Vulnerability in PATCH `/v1/runs/:id/score` Endpoint in lunary-ai/lunary | lunary-ai/lunary | 4.3 | - | 2025-03-20 |
| CVE-2025-1667 | School Management System – WPSchoolPress <= 2.2.16 - Missing Authorization to Privilege Escalation via Account Takeover | School Management System – WPSchoolPress | 8.8 | High | 2025-03-15 |
| CVE-2024-13407 | Omnipress <= 1.5.4 - Authenticated (Contributor+) Post Disclosure | Omnipress | 4.3 | Medium | 2025-03-14 |
| CVE-2024-11284 | WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Password Reset/Account Takeover | WP JobHunt | 9.8 | Critical | 2025-03-14 |
| CVE-2024-11285 | WP JobHunt <= 7.1 - Unauthenticated Privilege Escalation via Email Update/Account Takeover | WP JobHunt | 9.8 | Critical | 2025-03-14 |
| CVE-2025-2271 | IDOR in Issuetrak NewAuditID parameter via Inv_PopTrakXShow.asp | audit | 7.7 | High | 2025-03-13 |
| CVE-2024-13887 | Business Directory Plugin - Easy Listing Directories for WordPress <= 6.4.14 - Insecure Direct Object Reference to Listing Arbitrary Image Addition | Business Directory Plugin – Easy Listing Directories for WordPress | 5.3 | Medium | 2025-03-13 |

"(AI)" marks a CVSS score or severity the page tags as AI-derived rather than taken from a published vector; "-" means no severity rating was listed for that entry.

1040 CVEs are classified as CWE-639 (Authorization Bypass Through User-Controlled Key). The weakness is the same in every entry above: a request carries a client-chosen key (a record ID, user ID, username, attachment ID, audit ID) that selects the object to act on, and the server looks the object up by that key without checking that the authenticated caller is entitled to it. The consequences listed range from reading another user's data (information disclosure, post disclosure, file enumeration) to writing it (deleting attachments, changing an email address or password, which becomes account takeover). The CWE taxonomy describes the weakness class only; review each CVE for the affected versions and the product-specific impact.
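To make the pattern concrete, here is an added example that is not code from any product in the table above. It models a profile endpoint with a vulnerable handler that trusts the user-supplied `profile_id` and a hardened handler that makes the caller's identity part of the lookup, on both the read and the email-change (write) path. The store, user names and function names are constructed for the demonstration.

```python
"""CWE-639 / IDOR demonstration (added example; hypothetical application).

The login layer has already authenticated the caller and produced a Session.
What the vulnerable handlers get wrong is *authorization*: they let the
client-chosen key decide which object is touched.
"""
import copy
from dataclasses import dataclass
from typing import Dict


def fresh_store() -> Dict[int, dict]:
    """Constructed sample data: two users, one profile each."""
    return copy.deepcopy({
        101: {"owner": "alice", "email": "alice@example.test"},
        102: {"owner": "bob", "email": "bob@example.test"},
    })


class Forbidden(Exception):
    """The caller may not touch the requested object (or it does not exist)."""


@dataclass(frozen=True)
class Session:
    user: str  # principal set by the login layer, never read from the request body


# --- vulnerable: authenticated, but authorization keyed on client input ----

def get_profile_vulnerable(store, session: Session, profile_id: int) -> dict:
    # Any logged-in user can read any profile by guessing or incrementing the id.
    return store[profile_id]


def set_email_vulnerable(store, session: Session, profile_id: int, new_email: str) -> dict:
    # Same flaw on a write: repointing a stranger's login email is the
    # account-takeover primitive several entries in the table describe.
    store[profile_id]["email"] = new_email
    return store[profile_id]


# --- hardened: the caller's identity is part of the lookup ----------------

def _owned_profile(store, session: Session, profile_id: int) -> dict:
    rec = store.get(profile_id)
    # One response for "missing" and "not yours", so ids cannot be enumerated
    # by telling 403 apart from 404.
    if rec is None or rec["owner"] != session.user:
        raise Forbidden("no such profile")
    return rec


def get_profile_hardened(store, session: Session, profile_id: int) -> dict:
    return _owned_profile(store, session, profile_id)


def set_email_hardened(store, session: Session, profile_id: int, new_email: str) -> dict:
    rec = _owned_profile(store, session, profile_id)  # check before every write
    rec["email"] = new_email
    return rec


def demo() -> dict:
    """Run alice against bob's profile id through both handler pairs."""
    alice = Session("alice")
    out = {}

    store = fresh_store()
    out["vuln_read_owner"] = get_profile_vulnerable(store, alice, 102)["owner"]
    set_email_vulnerable(store, alice, 102, "attacker@example.test")
    out["vuln_bob_email"] = store[102]["email"]

    store = fresh_store()
    try:
        get_profile_hardened(store, alice, 102)
        out["hard_read"] = "allowed"
    except Forbidden:
        out["hard_read"] = "denied"
    try:
        set_email_hardened(store, alice, 102, "attacker@example.test")
    except Forbidden:
        pass
    out["hard_bob_email"] = store[102]["email"]
    return out


if __name__ == "__main__":
    print(demo())
```

The same ownership check has to sit in front of every operation that takes an object key, including PATCH and DELETE handlers, not only the read path; and if the data layer supports it, scoping the query itself by owner (`WHERE id = ? AND owner = ?`) is harder to forget than a check bolted on after the fetch.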