
CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class, 1040 entries

1040 vulnerabilities are classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI-generated Chinese analysis is included for each entry.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2025-28874 | WordPress BP Email Assign Templates By shanebp plugin <= 1.7 - Arbitrary Content Deletion vulnerability | BP Email Assign Templates | 6.5 | Medium | 2025-03-11 |
| CVE-2025-27436 | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | SAP S/4HANA (Manage Bank Statements) | 4.3 | Medium | 2025-03-11 |
| CVE-2025-27433 | Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements) | SAP S/4HANA (Manage Bank Statements) | 4.3 | Medium | 2025-03-11 |
| CVE-2025-26660 | Broken Access Control in SAP Fiori apps (Posting Library) | SAP Fiori apps (Posting Library) | 4.3 | Medium | 2025-03-11 |
| CVE-2024-12114 | FooGallery – Responsive Photo Gallery, Image Viewer, Justified, Masonry & Carousel <= 2.4.29 - Insecure Direct Object Reference to Authenticated (Custom+) Arbitrary Post/Page Updates | Gallery by FooGallery | 4.3 | Medium | 2025-03-08 |
| CVE-2025-0337 | Authorization bypass in Now Platform | Now Platform | 6.5 | Medium | 2025-03-06 |
| CVE-2024-11216 | Broken Access Control in PozitifIK's Pik Online | Pik Online | 7.6 | High | 2025-03-05 |
| CVE-2025-27507 | IDOR Vulnerabilities in ZITADEL's Admin API that Primarily Impact LDAP Configurations | zitadel | 9.0 | Critical | 2025-03-04 |
| CVE-2024-8261 | IDOR in Proliz Software's OBS | OBS | 7.5 | High | 2025-03-03 |
| CVE-2024-10925 | Authorization Bypass Through User-Controlled Key in GitLab | GitLab | 5.3 | Medium | 2025-03-03 |
| CVE-2024-13832 | Ultra Addons Lite for Elementor <= 1.1.8 - Authenticated (Contributor+) Restricted Post Disclosure | Ultra Addons Lite for Elementor | 4.3 | Medium | 2025-02-28 |
| CVE-2025-26977 | WordPress FileBird plugin <= 6.4.2.1 - Insecure Direct Object References (IDOR) vulnerability | Filebird | 3.8 | Low | 2025-02-25 |
| CVE-2025-26965 | WordPress Amelia plugin <= 1.2.16 - Insecure Direct Object References (IDOR) vulnerability | Amelia | 9.1 | - | 2025-02-25 |
| CVE-2025-1607 | SourceCodester Best Employee Management System salary_slip.php authorization | Best Employee Management System | 4.3 | Medium | 2025-02-24 |
| CVE-2024-13873 | WP Job Portal <= 2.2.8 - Insecure Direct Object Reference to Authenticated (Subscriber+) User Photo Disconnection | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | 4.3 | Medium | 2025-02-22 |
| CVE-2025-25282 | Potential Insecure Direct Object Reference (IDOR) vulnerability in ragflow | ragflow | 7.1 | - | 2025-02-21 |
| CVE-2025-0352 | Rapid Response Monitoring My Security Account App Authorization Bypass Through User-Controlled Key | My Security Account App API | 7.5 | High | 2025-02-20 |
| CVE-2024-13740 | ProfileGrid – User Profiles, Groups and Communities <= 5.9.4.2 - Insecure Direct Object Reference to Authenticated (Subscriber+) Private Messages Disclosure | ProfileGrid – User Profiles, Groups and Communities | 4.3 | Medium | 2025-02-18 |
| CVE-2025-26788 | StrongKey FIDO Server security vulnerability | FIDO Server | 8.4 | High | 2025-02-14 |
| CVE-2025-1270 | Insecure direct object reference (IDOR) vulnerability in H6Web | H6Web | 9.1 | Critical | 2025-02-13 |
| CVE-2025-0661 | DethemeKit For Elementor <= 2.1.8 - Authenticated (Contributor+) Protected Post Disclosure | DethemeKit for Elementor | 4.3 | Medium | 2025-02-13 |
| CVE-2024-13601 | Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin <= 1.0.5 - Authenticated (Subscriber+) Insecure Direct Object Reference | Majestic Support – The Leading-Edge Help Desk & Customer Support Plugin | 4.3 | Medium | 2025-02-12 |
| CVE-2025-24976 | Distribution's token authentication allows attacker to inject an untrusted signing key in a JWT | distribution | 8.8 | - | 2025-02-11 |
| CVE-2024-13841 | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time <= 1.0.0 - Authenticated (Contributor+) Post Disclosure | Builder Shortcode Extras – WordPress Shortcodes Collection to Save You Time | 4.3 | Medium | 2025-02-07 |
| CVE-2024-9097 | IDOR | Endpoint Central | 3.5 | Low | 2025-02-05 |
| CVE-2024-12046 | Medical Addon for Elementor <= 1.6.2 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode | Medical Addon for Elementor | 4.3 | Medium | 2025-02-04 |
| CVE-2024-13607 | JS Help Desk – The Ultimate Help Desk & Support Plugin <= 2.8.8 - Authenticated (Subscriber+) Insecure Direct Object Reference | JS Help Desk – AI-Powered Support & Ticketing System | 4.3 | Medium | 2025-02-04 |
| CVE-2025-22695 | WordPress Nirweb support plugin <= 3.0.3 - Broken Access Control vulnerability | Nirweb support | 4.3 | Medium | 2025-02-03 |
| CVE-2024-13372 | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Unauthenticated Arbitrary Resume Download | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | 5.3 | Medium | 2025-02-01 |
| CVE-2024-13425 | WP Job Portal <= 2.2.6 - Insecure Direct Object Reference to Authenticated (Employer+) Arbitrary Company Deletion | WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | 4.3 | Medium | 2025-02-01 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) account for 1040 CVEs. The CWE entry describes the weakness class only; review each individual CVE for its product-specific impact.