CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1038

1038 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-12102 | Typer Core <= 1.9.6 - Authenticated (Contributor+) Post Disclosure — Typer Core | 4.3 | Medium | 2025-01-30 |
| CVE-2025-22608 | Coolify Vulnerable to Revocation of Arbitrary Team Invitations (DOS) — coolify | 6.5 | Medium | 2025-01-24 |
| CVE-2024-10497 | Schneider Electric PowerLogic HDPM6000 Security Vulnerability — PowerLogic HDPM6000 | 8.8 | High | 2025-01-17 |
| CVE-2024-10775 | Piotnet Addons For Elementor <= 2.4.32 - Authenticated (Contributor+) Post Disclosure — Piotnet Addons For Elementor | 4.3 | Medium | 2025-01-15 |
| CVE-2025-0058 | Information Disclosure vulnerability in SAP Business Workflow and SAP Flexible Workflow — SAP Business Workflow and SAP Flexible Workflow | 6.5 | Medium | 2025-01-14 |
| CVE-2024-12116 | Unlimited Theme Addon For Elementor and WooCommerce <= 1.2.2 - Authenticated (Contributor+) Post Disclosure — Unlimited Theme Addon For Elementor | 4.3 | Medium | 2025-01-11 |
| CVE-2024-11915 | RRAddons for Elementor <= 1.1.0 - Authenticated (Contributor+) Post Disclosure — RRAddons for Elementor | 4.3 | Medium | 2025-01-11 |
| CVE-2024-42169 | HCL MyXalytics is affected by insecure direct object references — DRYiCE MyXalytics | 7.1 | High | 2025-01-11 |
| CVE-2024-12472 | Post Duplicator <= 2.36 - Authenticated (Contributor+) Protected Post Disclosure — Post Duplicator | 4.3 | Medium | 2025-01-11 |
| CVE-2024-10215 | WPBookit <= 1.6.4 - Unauthenticated Arbitrary User Password Change — WPBookit | 9.8 | Critical | 2025-01-09 |
| CVE-2024-12131 | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.5- Authenticated (Subscriber+) Insecure Direct Object Reference — WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | 4.3 | Medium | 2025-01-07 |
| CVE-2024-12132 | WP Job Portal – A Complete Recruitment System for Company or Job Board website <= 2.2.4 - Authenticated (Subscriber+) Insecure Direct Object Reference — WP Job Portal – AI-Powered Recruitment System for Company or Job Board website | 4.3 | Medium | 2025-01-03 |
| CVE-2024-13040 | Quanta Computer QOCA aim - Authorization Bypass — QOCA aim | 8.8 | High | 2024-12-31 |
| CVE-2024-52294 | khoj has an IDOR in subscription management that allows unauthorized subscription modifications — khoj | 4.3 | Medium | 2024-12-30 |
| CVE-2024-12335 | Avada Builder <= 3.11.12 - Authenticated (Contributor+) Protected Post Disclosure — Avada (Fusion) Builder | 4.3 | Medium | 2024-12-25 |
| CVE-2024-12103 | Content No Cache: prevent specific content from being cached <= 0.1.2 - Unauthenticated Private Content Disclosure — Content No Cache \| Serve uncached partial content even when you add it to a page that is fully cached. | 5.3 | Medium | 2024-12-24 |
| CVE-2024-10797 | Full Screen Menu for Elementor <= 1.0.7 - Authenticated (Contributor+) Post Disclosure — Full Screen Menu for Elementor | 4.3 | Medium | 2024-12-21 |
| CVE-2024-4464 | Synology Media Server Security Vulnerability — Media Server | 7.5 | High | 2024-12-18 |
| CVE-2024-12061 | Events Addon for Elementor <= 2.2.3 - Authenticated (Contributor+) Post Disclosure — Events Addon for Elementor | 4.3 | Medium | 2024-12-18 |
| CVE-2024-9819 | IDOR in NextGEO's NG Analyser — NG Analyser | 6.5 | Medium | 2024-12-17 |
| CVE-2024-10690 | Shortcodes for Elementor <= 1.0.4 - Authenticated (Contributor+) Post Disclosure — Shortcodes for Elementor | 4.3 | Medium | 2024-12-14 |
| CVE-2024-12447 | Get Post Content Shortcode <= 0.4 - Insecure Direct Object Reference to Authenticated (Contributor+) Sensitive Information Disclosure via post_content Shortcode — Get Post Content Shortcode | 4.3 | Medium | 2024-12-14 |
| CVE-2024-12309 | Rate My Post – Star Rating Plugin by FeedbackWP <= 4.2.4 - Unauthenticated Voting On Scheduled Posts — Rate My Post – Star Rating Plugin by FeedbackWP | 5.3 | Medium | 2024-12-13 |
| CVE-2024-11275 | WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin <= 1.0.27 - Missing Authorization to Authenticated (Subscriber+) Arbitrary User Deletion — Timetics – Appointment Booking & Scheduling | 4.3 | Medium | 2024-12-13 |
| CVE-2024-11181 | Greenshift – animation and page builder blocks <= 9.9.9.3 - Authenticated (Contributor+) Post Disclosure — Greenshift – animation and page builder blocks | 4.3 | Medium | 2024-12-12 |
| CVE-2024-12059 | ElementInvader Addons for Elementor <= 1.3.1 - Missing Authorization to Arbitrary Options Read — ElementInvader Addons for Elementor | 4.3 | Medium | 2024-12-12 |
| CVE-2024-12483 | Dromara UJCMS User ID id authorization — UJCMS | 3.7 | Low | 2024-12-11 |
| CVE-2024-12305 | Object-Level Access Control Vulnerability Allows Unauthorized Access to Student Grades in Unifiedtransform — Unifiedtransform | 4.3 | Medium | 2024-12-09 |
| CVE-2024-10689 | XLTab – Accordions and Tabs for Elementor Page Builder <= 1.4 - Authenticated (Contributor+) Post Disclosure — XLTab – Accordions and Tabs for Elementor Page Builder | 4.3 | Medium | 2024-12-06 |
| CVE-2024-10692 | PowerPack Elementor Addons (Free Widgets, Extensions and Templates) <= 2.8.1 - Authenticated (Contributor+) Post Disclosure — PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) | 4.3 | Medium | 2024-12-06 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1038 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.