
CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1038

1038 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2024-32823 | WordPress Rate My Post plugin <= 3.4.4 - Insecure Direct Object References (IDOR) vulnerability | Rate my Post – WP Rating System | 5.3 | Medium | 2024-04-24 |
| CVE-2024-32683 | WordPress WP Ultimate Review plugin <= 2.2.5 - Insecure Direct Object References (IDOR) vulnerability | Wp Ultimate Review | 5.3 | Medium | 2024-04-19 |
| CVE-2023-6897 | EAN for WooCommerce <= 4.9.2 - Insecure Direct Object Reference to Sensitive Information Exposure via Shortcode | EAN Barcode Generator for WooCommerce: UPC, ISBN & GTIN Inventory | 4.3 | Medium | 2024-04-18 |
| CVE-2024-32604 | WordPress WP-Recall plugin <= 16.26.5 - Insecure Direct Object References (IDOR) vulnerability | WP-Recall | 4.3 | Medium | 2024-04-18 |
| CVE-2024-1626 | IDOR Vulnerability in lunary-ai/lunary | lunary-ai/lunary | 4.3 | - | 2024-04-16 |
| CVE-2023-45808 | iTop missing silo check on extkey in console and portal | iTop | 4.1 | Medium | 2024-04-15 |
| CVE-2024-22439 | Certain HPE FlexNetwork and FlexFabric Switches, Remote Authentication Bypass | HPE FlexNetwork and FlexFabric products | 6.9 | Medium | 2024-04-15 |
| CVE-2024-1625 | IDOR Vulnerability in lunary-ai/lunary | lunary-ai/lunary | 5.3 (AI) | Medium (AI) | 2024-04-10 |
| CVE-2024-0872 | Watu Quiz <= 3.4.1 - Sensitive Information Disclosure | Watu Quiz | 4.3 | Medium | 2024-04-09 |
| CVE-2024-2543 | Plugin Permalink <= 2.4.3.1 - Missing Authorization via get_uri_editor | Permalink Manager Lite | 4.3 | Medium | 2024-04-09 |
| CVE-2024-2261 | Event Tickets and Registration <= 5.8.2 - Improper Authorization to Information Disclosure | Event Tickets and Registration | 4.3 | Medium | 2024-04-09 |
| CVE-2023-6317 | PIN/prompt bypass on the secondscreen.gateway service allows access to the SSAP API without user interaction | WebOS | 7.2 | High | 2024-04-09 |
| CVE-2024-31291 | WordPress ProfileGrid plugin <= 5.7.6 - IDOR on Friend Request vulnerability | ProfileGrid | 4.3 | Medium | 2024-04-07 |
| CVE-2024-31296 | WordPress BookingPress plugin <= 1.0.81 - Insecure Direct Object References (IDOR) vulnerability | BookingPress | 4.3 | Medium | 2024-04-07 |
| CVE-2023-6523 | IDOR in ExtremePacs's Extreme XDS | Extreme XDS | 8.8 | High | 2024-04-05 |
| CVE-2024-30543 | WordPress Whizzy plugin <= 1.1.18 - Insecure Direct Object References (IDOR) vulnerability | Whizzy | 6.5 | Medium | 2024-03-31 |
| CVE-2024-31095 | WordPress Thumbs Rating plugin <= 5.1.0 - Insecure Direct Object References (IDOR) vulnerability | Thumbs Rating | 5.3 | Medium | 2024-03-31 |
| CVE-2024-30513 | WordPress ProfileGrid plugin <= 5.7.2 - Insecure Direct Object References (IDOR) vulnerability | ProfileGrid | 6.5 | Medium | 2024-03-29 |
| CVE-2024-29020 | JumpServer allows an authorized attacker to get sensitive information in playbook files when playbook_id is leaked | jumpserver | 4.6 | Medium | 2024-03-29 |
| CVE-2024-29024 | JumpServer Direct Object Reference (IDOR) Vulnerability in File Manager Bulk Transfer Functionality | jumpserver | 4.6 | Medium | 2024-03-29 |
| CVE-2024-30507 | WordPress Molongui Authorship plugin <= 4.7.7 - Insecure Direct Object References (IDOR) vulnerability | Molongui | 2.7 | Low | 2024-03-29 |
| CVE-2024-1313 | Users outside an organization can delete a snapshot with its key | Grafana | 6.5 | Medium | 2024-03-26 |
| CVE-2024-29194 | OneUptime Vulnerable to a Privilege Escalation via Local Storage Key Manipulation | oneuptime | 8.3 | High | 2024-03-24 |
| CVE-2024-2538 | Permalink Manager <= 2.4.3.1 - Missing Authorization to Authenticated (Author+) Arbitrary Post Slug Modification | Permalink Manager Lite | 5.4 | Medium | 2024-03-20 |
| CVE-2024-1604 | Incorrect authorization in BMC Control-M | Control-M | 6.4 | Medium | 2024-03-18 |
| CVE-2024-2577 | SourceCodester Employee Task Management System update-employee.php authorization | Employee Task Management System | 7.3 | High | 2024-03-18 |
| CVE-2024-2576 | SourceCodester Employee Task Management System update-admin.php authorization | Employee Task Management System | 7.3 | High | 2024-03-18 |
| CVE-2024-2575 | SourceCodester Employee Task Management System task-details.php authorization | Employee Task Management System | 7.3 | High | 2024-03-18 |
| CVE-2024-2574 | SourceCodester Employee Task Management System edit-task.php authorization | Employee Task Management System | 7.3 | High | 2024-03-18 |
| CVE-2023-36483 | MAS (a Carrier brand) MASmobile Classic Authorization Bypass | MASmobile Classic | 6.5 | Medium | 2024-03-16 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1038 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.