CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class, 1040 entries

1040 vulnerabilities are classified as CWE-639 (Authorization Bypass Through User-Controlled Key). An AI-generated Chinese-language analysis is included for each entry.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-43350 | WordPress Propovoice CRM plugin <= 1.7.6.4 - Insecure Direct Object References (IDOR) vulnerability | Propovoice CRM | 5.3 | Medium | 2024-08-18 |
| CVE-2024-42464 | Leak of user information | upKeeper Manager | 7.5 (AI) | High (AI) | 2024-08-16 |
| CVE-2024-42463 | Leak of organizations messages | upKeeper Manager | 7.5 (AI) | High (AI) | 2024-08-16 |
| CVE-2023-7049 | Custom Field For WP Job Manager <= 1.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode | Custom Field For WP Job Manager | 4.3 | Medium | 2024-08-16 |
| CVE-2024-6534 | Directus 10.13.0 - Insecure object reference via PATH presets | Directus | 4.3 | Medium | 2024-08-15 |
| CVE-2024-39642 | WordPress LearnPress plugin <= 4.2.6.8.2 - Insecure Direct Object References (IDOR) vulnerability | LearnPress | 6.5 | Medium | 2024-08-13 |
| CVE-2024-3035 | Authorization Bypass Through User-Controlled Key in GitLab | GitLab | 6.8 | Medium | 2024-08-08 |
| CVE-2024-6357 | Insecure Direct Object Reference vulnerability | ArcSight Intelligence | 6.3 | Medium | 2024-08-06 |
| CVE-2024-38701 | WordPress Academy LMS plugin <= 2.0.4 - Broken Access Control vulnerability | Academy LMS | 4.3 | Medium | 2024-07-22 |
| CVE-2024-34457 | Apache StreamPark IDOR Vulnerability | Apache StreamPark | 6.5 (AI) | Medium (AI) | 2024-07-22 |
| CVE-2024-5977 | GiveWP – Donation Plugin and Fundraising Platform <= 3.13.0 - Insecure Direct Object Reference to Authenticated (GiveWP Worker+) Arbitrary Post Actions | GiveWP – Donation Plugin and Fundraising Platform | 5.4 | Medium | 2024-07-19 |
| CVE-2024-5619 | IDOR in PruvaSoft Informatics' Apinizer Management Console | Apinizer Management Console | 9.6 | Critical | 2024-07-18 |
| CVE-2024-6410 | ProfileGrid <= 5.8.9 - Authenticated (Subscriber+) Insecure Direct Object Reference | ProfileGrid – User Profiles, Groups and Communities | 4.3 | Medium | 2024-07-10 |
| CVE-2024-39900 | OpenSearch Dashboards Reports does not properly restrict access to private tenant resources | reporting | 5.4 | Medium | 2024-07-09 |
| CVE-2024-39901 | OpenSearch Observability does not properly restrict access to private tenant resources | observability | 4.2 | Medium | 2024-07-09 |
| CVE-2024-39897 | Cache driver GetBlob() allows read access to any blob without access control check | zot | 4.3 | Medium | 2024-07-09 |
| CVE-2024-21759 | Fortinet FortiPortal security vulnerability | FortiPortal | 3.9 | Medium | 2024-07-09 |
| CVE-2023-3288 | A BOLA vulnerability in POST /providers in EasyAppointments < 1.5.0 | easyappointments | 8.5 | High | 2024-07-09 |
| CVE-2023-38055 | A BOLA vulnerability in GET, PUT, DELETE /services/{serviceId} in EasyAppointments < 1.5.0 | easyappointments | 9.6 | Critical | 2024-07-09 |
| CVE-2023-38054 | A BOLA vulnerability in GET, PUT, DELETE /customers/{customerId} in EasyAppointments < 1.5.0 | easyappointments | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38053 | A BOLA vulnerability in GET, PUT, DELETE /settings/{settingName} in EasyAppointments < 1.5.0 | easyappointments | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38052 | A BOLA vulnerability in GET, PUT, DELETE /admins/{adminId} in EasyAppointments < 1.5.0 | easyappointments | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38051 | A BOLA vulnerability in GET, PUT, DELETE /secretaries/{secretaryId} in EasyAppointments < 1.5.0 | easyappointments | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38050 | A BOLA vulnerability in GET, PUT, DELETE /webhooks/{webhookId} in EasyAppointments < 1.5.0 | easyappointments | 9.1 | Critical | 2024-07-09 |
| CVE-2023-38049 | A BOLA vulnerability in GET, PUT, DELETE /appointments/{appointmentId} in EasyAppointments < 1.5.0 | easyappointments | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38048 | A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} in EasyAppointments < 1.5.0 | easyappointments | 9.9 | Critical | 2024-07-09 |
| CVE-2023-38047 | A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} in EasyAppointments < 1.5.0 | easyappointments | 8.5 | High | 2024-07-09 |
| CVE-2023-3289 | A BOLA vulnerability in POST /services in EasyAppointments < 1.5.0 | easyappointments | 7.7 | High | 2024-07-09 |
| CVE-2023-3290 | A BOLA vulnerability in POST /customers in EasyAppointments < 1.5.0 | easyappointments | 5.0 | Medium | 2024-07-09 |
| CVE-2023-3286 | A BOLA vulnerability in POST /secretaries in EasyAppointments < 1.5.0 | easyappointments | 7.7 | High | 2024-07-09 |

(AI) marks a CVSS score or severity that the listing tags as AI-assigned rather than vendor- or NVD-published.

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) account for 1040 CVEs. The CWE entry describes only the weakness class; review each individual CVE for its product-specific impact.