CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1038

1038 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-35876 | WordPress WooCommerce Square Plugin <= 3.8.1 is vulnerable to Insecure Direct Object References (IDOR) — WooCommerce Square | 8.1 | High | 2023-12-20 |
| CVE-2023-36520 | WordPress Editorial Calendar Plugin <= 3.7.12 is vulnerable to Insecure Direct Object References (IDOR) — Editorial Calendar | 5.4 | Medium | 2023-12-20 |
| CVE-2023-37871 | WordPress WooCommerce GoCardless Gateway Plugin <= 2.5.6 is vulnerable to Insecure Direct Object References (IDOR) — GoCardless | 8.2 | High | 2023-12-20 |
| CVE-2023-38513 | WordPress Photo Engine Plugin <= 6.2.5 is vulnerable to Insecure Direct Object References (IDOR) — Photo Engine (Media Organizer & Lightroom) | 5.4 | Medium | 2023-12-20 |
| CVE-2023-41796 | WordPress Sunshine Photo Cart Plugin < 3.0.0 is vulnerable to Insecure Direct Object References (IDOR) — Sunshine Photo Cart: Free Client Galleries for Photographers | 5.3 | Medium | 2023-12-20 |
| CVE-2023-46311 | WordPress wpDiscuz Plugin <= 7.6.3 is vulnerable to Insecure Direct Object References (IDOR) — Comments – wpDiscuz | 2.7 | Low | 2023-12-20 |
| CVE-2023-6929 | Authorization Bypass Through User-Controlled Key in EuroTel ETL3100 — ETL3100 | 7.5 | High | 2023-12-19 |
| CVE-2022-43450 | WordPress Stream Plugin <= 3.9.2 is vulnerable to Insecure Direct Object References (IDOR) — Stream | 4.3 | Medium | 2023-12-19 |
| CVE-2023-49812 | WordPress WP Photo Album Plus Plugin <= 8.5.02.005 is vulnerable to Insecure Direct Object References (IDOR) — WP Photo Album Plus | 5.3 | Medium | 2023-12-19 |
| CVE-2023-6341 | Catalis CM360 allows authentication bypass — CMS360 | 5.3 | Medium | 2023-11-30 |
| CVE-2023-6226 | WP Shortcodes Plugin — Shortcodes Ultimate <= 5.13.3 - Insecure Direct Object Reference to Information Disclosure — WP Shortcodes Plugin — Shortcodes Ultimate | 4.3 | Medium | 2023-11-28 |
| CVE-2023-48304 | Nextcloud Server vulnerable to attacker enabling/disabling birthday calendar for any user — security-advisories | 4.3 | Medium | 2023-11-21 |
| CVE-2023-6144 | Dev Blog v1.0 - ATO — Dev Blog | 9.1 | Critical | 2023-11-20 |
| CVE-2023-3869 | wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Comment Rating Increase/Decrease — Comments – wpDiscuz | 5.3 | Medium | 2023-10-20 |
| CVE-2023-3998 | wpDiscuz <= 7.6.3 - Insecure Direct Object Reference to Post Rating Increase/Decrease — Comments – wpDiscuz | 5.3 | Medium | 2023-10-20 |
| CVE-2023-43668 | Apache InLong: Jdbc Connection Security Bypass in InLong — Apache InLong | 9.8 | - | 2023-10-16 |
| CVE-2023-44981 | Apache ZooKeeper: Authorization bypass in SASL Quorum Peer Authentication — Apache ZooKeeper | 9.1 | - | 2023-10-11 |
| CVE-2023-44249 | Fortinet FortiManager security vulnerability — FortiManager | 4.1 | Medium | 2023-10-10 |
| CVE-2023-42455 | Wazuh vulnerable to user privilege escalation — wazuh-kibana-app | 8.8 | High | 2023-10-09 |
| CVE-2023-2544 | Authorization Bypass on UPV PEIX — UPV PEIX | 5.3 | Medium | 2023-10-03 |
| CVE-2023-32669 | Authorization Bypass on BuddyBoss — BuddyBoss | 5.4 | Medium | 2023-10-03 |
| CVE-2023-4101 | Multiple vulnerabilities in IDM Sistemas QSige — QSige | 8.8 | High | 2023-10-03 |
| CVE-2023-4099 | Multiple vulnerabilities in IDM Sistemas QSige — QSige | 7.6 | High | 2023-10-03 |
| CVE-2023-44206 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 15 | 9.1 | - | 2023-09-27 |
| CVE-2023-44205 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 15 | 7.5 | - | 2023-09-27 |
| CVE-2023-44154 | Acronis Cyber Protect security vulnerability — Acronis Cyber Protect 15 | 9.1 | - | 2023-09-27 |
| CVE-2023-4934 | IDOR in Usta AYBS — AYBS | 8.8 | High | 2023-09-27 |
| CVE-2023-4213 | Simplr Registration Form Plus+ <= 2.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference to Arbitrary User Password Change — Simplr Registration Form Plus+ | 8.8 | High | 2023-09-13 |
| CVE-2023-41368 | Insecure Direct Object Reference (IDOR) vulnerability in S4 HANA (Manage checkbook apps) — S4 HANA ABAP (Manage checkbook apps) | 2.7 | Low | 2023-09-12 |
| CVE-2023-4587 | Insecure direct object reference in ZKTeco ZEM800 — ZEM800 | 8.3 | High | 2023-09-04 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1038 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.