
CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class (1038 entries)

1038 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI-generated Chinese analysis included.

CVE ID | Title | Product | CVSS | Severity | Published
CVE-2024-4341 | IDOR in ExtremePacs's Extreme XDS | Extreme XDS | 6.5 | Medium | 2024-07-08
CVE-2024-39321 | Traefik vulnerable to bypassing IP allow-lists via HTTP/3 early data requests in QUIC 0-RTT handshakes | traefik | 7.5 | High | 2024-07-05
CVE-2024-31898 | IBM InfoSphere Information Server data modification | InfoSphere Information Server | 5.4 | Medium | 2024-06-30
CVE-2024-5942 | Page and Post Clone <= 6.0 - Insecure Direct Object Reference to Authenticated (Author+) Sensitive Information Exposure | Fast Page & Post Duplicator | 4.3 | Medium | 2024-06-29
CVE-2024-1107 | IDOR in Talya Informatics' Travel APPS | Travel APPS | 9.8 | Critical | 2024-06-27
CVE-2024-4874 | Bricks Builder <= 1.9.8 - Insecure Direct Object Reference | Bricks Builder | 4.3 | Medium | 2024-06-22
CVE-2024-5639 | User Profile Picture <= 2.6.1 - Authenticated (Author+) Insecure Direct Object Reference to Profile Picture Update | User Profile Picture | 4.3 | Medium | 2024-06-21
CVE-2024-4873 | Replace Image <= 1.1.10 - Insecure Direct Object Reference | Replace Image | 4.3 | Medium | 2024-06-19
CVE-2024-37889 | MyFinances Allows Unauthorized Access to Other Customer Data | MyFinances | 6.5 | Medium | 2024-06-14
CVE-2024-2472 | LatePoint Plugin <= 4.9.9 - Missing Authorization and Sensitive Information Exposure via IDOR | LatePoint Plugin | 9.1 | Critical | 2024-06-14
CVE-2024-29181 | @strapi/plugin-content-manager leaks data via relations via the Admin Panel | strapi | 2.3 | Low | 2024-06-12
CVE-2024-5438 | Tutor LMS – eLearning and online course solution <= 2.7.1 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Quiz Attempt Deletion | Tutor LMS – eLearning and online course solution | 4.3 | Medium | 2024-06-07
CVE-2024-5131 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | 4.3 (AI) | Medium (AI) | 2024-06-06
CVE-2024-5128 | IDOR Vulnerability in lunary-ai/lunary | lunary-ai/lunary | 7.6 (AI) | High (AI) | 2024-06-06
CVE-2024-4274 | Essential Real Estate <= 4.4.2 - Insecure Direct Object Reference to Arbitrary Attachment Deletion | Essential Real Estate | 4.3 | Medium | 2024-06-04
CVE-2024-5258 | Authorization Bypass Through User-Controlled Key in GitLab | GitLab | 4.4 | Medium | 2024-05-23
CVE-2024-5166 | Insecure Direct Object Reference In Looker | Looker | 6.5 | Medium | 2024-05-22
CVE-2024-4154 | Incorrect Synchronization in lunary-ai/lunary | lunary-ai/lunary | 7.1 (AI) | High (AI) | 2024-05-21
CVE-2024-4151 | Improper Access Control in lunary-ai/lunary | lunary-ai/lunary | 7.1 (AI) | High (AI) | 2024-05-20
CVE-2024-4843 | Trellix ePolicy Orchestrator security vulnerability | ePolicy Orchestrator | 4.3 | Medium | 2024-05-16
CVE-2024-4279 | Tutor LMS – eLearning and online course solution <= 2.7.0 - Authenticated (Instructor+) Insecure Direct Object Reference to Arbitrary Course Deletion | Tutor LMS – eLearning and online course solution | 6.5 | Medium | 2024-05-16
CVE-2023-40720 | Fortinet FortiVoice security vulnerability | FortiVoice | 6.7 | High | 2024-05-14
CVE-2024-1693 | SP Project & Document Manager <= 4.70 - Authenticated (Subscriber+) Arbitrary Folder Name Update | SP Project & Document Manager | 4.3 | Medium | 2024-05-09
CVE-2024-4538 | IDOR vulnerability in Janto Ticketing Software | Janto Ticketing Software | 7.5 | High | 2024-05-07
CVE-2024-4537 | IDOR vulnerability in Janto Ticketing Software | Janto Ticketing Software | 7.5 | High | 2024-05-07
CVE-2024-34383 | WordPress SEOPress plugin <= 7.7.1 - Sensitive Data Exposure vulnerability | SEOPress | 5.3 | Medium | 2024-05-06
CVE-2024-2346 | FileBird – WordPress Media Library Folders & File Manager <= 5.6.3 - Authenticated (Author+) Insecure Direct Object Reference | FileBird – WordPress Media Library Folders & File Manager | 5.4 | Medium | 2024-05-02
CVE-2024-33542 | WordPress Crelly Slider plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability | Crelly Slider | 4.3 | Medium | 2024-04-29
CVE-2024-32772 | WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object References (IDOR) vulnerability | ProfileGrid | 4.3 | Medium | 2024-04-24
CVE-2024-32808 | WordPress ProfileGrid plugin <= 5.7.9 - Insecure Direct Object Reference (IDOR) vulnerability | ProfileGrid | 5.4 | Medium | 2024-04-24

Scores and severities marked (AI) are tagged on the source page as AI-assigned rather than taken from the CVE record.

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1038 CVEs. The weakness is that the application selects a record by a key the client supplies (an object ID in a URL, form field or API parameter) without checking that the authenticated principal is authorized for that particular record, so changing the key reaches another user's data; the entries above show the usual shapes, from unauthenticated reads of other customers' records to authenticated low-privilege (Subscriber+, Author+, Instructor+) users updating or deleting objects they do not own. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.
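The following is an added illustration of the CWE-639 pattern in its smallest form, written for this page and not taken from any product or CVE listed above: a lookup keyed only by the client-supplied identifier, the hardened lookup that binds the authenticated principal into the query, and the enumeration check a tester runs to confirm the difference. The invoice records, user IDs and function names are constructed for the example.

```python
from dataclasses import dataclass
from typing import Callable, Iterable, List


@dataclass(frozen=True)
class Invoice:
    invoice_id: int
    owner_id: int
    amount: str


# Constructed in-memory store standing in for a database table.
INVOICES = {
    101: Invoice(invoice_id=101, owner_id=1, amount="120.00"),
    102: Invoice(invoice_id=102, owner_id=2, amount="9.99"),
}


class NotFound(LookupError):
    """Raised for both 'no such record' and 'not your record' so that a
    rejected request does not confirm that the key exists."""


def get_invoice_vulnerable(current_user_id: int, invoice_id: int) -> Invoice:
    """CWE-639: the record is selected by the client-supplied key alone.
    current_user_id is available (the user is authenticated) but is never
    compared with the record's owner, so any valid key is readable."""
    if invoice_id not in INVOICES:
        raise NotFound(invoice_id)
    return INVOICES[invoice_id]


def get_invoice_fixed(current_user_id: int, invoice_id: int) -> Invoice:
    """Hardened form: the principal is part of the lookup predicate, the
    in-memory equivalent of WHERE id = ? AND owner_id = ?. A key that
    exists but belongs to someone else is treated exactly like a missing one."""
    record = INVOICES.get(invoice_id)
    if record is None or record.owner_id != current_user_id:
        raise NotFound(invoice_id)
    return record


def enumerate_foreign_access(
    handler: Callable[[int, int], Invoice],
    user_id: int,
    candidate_ids: Iterable[int],
) -> List[int]:
    """Tester's check: acting as user_id, walk a range of keys and report the
    ones that come back owned by somebody else. A non-empty result is the
    IDOR finding; the hardened handler should always return []."""
    leaked = []
    for cid in candidate_ids:
        try:
            record = handler(user_id, cid)
        except NotFound:
            continue
        if record.owner_id != user_id:
            leaked.append(cid)
    return leaked


if __name__ == "__main__":
    # Acting as user 2, probe ids 100..104 against both handlers.
    print("vulnerable:", enumerate_foreign_access(get_invoice_vulnerable, 2, range(100, 105)))
    print("fixed:     ", enumerate_foreign_access(get_invoice_fixed, 2, range(100, 105)))
```

The fix is the scoping of the query, not an added role check: the lunary, GitLab and WordPress entries above are all cases where the caller was legitimately authenticated and the missing step was tying the requested key to that caller. Returning the same error for "missing" and "not yours" is the secondary hardening; it keeps the enumeration loop from learning which keys are live.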