CWE-639 (Authorization Bypass Through User-Controlled Key) — Vulnerability Class 1038

1038 vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2023-2713 | IDOR vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform. — Rental Module | 9.8 | Critical | 2023-05-20 |
| CVE-2023-2276 | WCFM Membership – WooCommerce Memberships for Multivendor Marketplace <= 2.10.7 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Password Change — WCFM Membership – WooCommerce Memberships for Multivendor Marketplace | 9.8 | Critical | 2023-05-20 |
| CVE-2023-2548 | RegistrationMagic <= 5.2.0.5 - Authenticated (Admin+) Insecure Direct Object Reference to Arbitrary User Password Change — RegistrationMagic – Custom Registration Forms, User Registration, Payment, and User Login | 6.6 | Medium | 2023-05-16 |
| CVE-2023-31182 | EasyTor Applications – Authorization Bypass — EasyTor Applications | 8.1 | High | 2023-05-08 |
| CVE-2023-30550 | IDOR vulnerability exists in metersphere — metersphere | 6.8 | Medium | 2023-05-04 |
| CVE-2023-28656 | NGINX Management Suite vulnerability — NGINX Instance Manager | 8.1 | High | 2023-05-03 |
| CVE-2023-2260 | Authorization Bypass Through User-Controlled Key in alfio-event/alf.io — alfio-event/alf.io | 6.5 | - | 2023-04-24 |
| CVE-2023-24834 | WisdomGarden Tronclass ilearn - Broken Access Control — Tronclass ilearn | 6.5 | Medium | 2023-03-27 |
| CVE-2023-24842 | HGiga MailSherlock - Broken Access Control — MailSherlock | 5.3 | Medium | 2023-03-27 |
| CVE-2023-1462 | IDOR in Digikent — DigiKent | 8.8 | High | 2023-03-21 |
| CVE-2023-1463 | Authorization Bypass Through User-Controlled Key in nilsteampassnet/teampass — nilsteampassnet/teampass | 8.2 | - | 2023-03-17 |
| CVE-2023-28109 | Play With Docker vulnerable to Authorization Bypass Through User-Controlled Key — play-with-docker | 6.5 | Medium | 2023-03-16 |
| CVE-2023-0882 | Authorization Bypass Through User-Controlled Key on Single Connect — Single Connect | 8.8 | High | 2023-02-17 |
| CVE-2023-25160 | IDOR Vulnerability in Nextcloud Mail — security-advisories | 4.1 | Medium | 2023-02-13 |
| CVE-2023-0558 | ContentStudio <= 1.2.5 - Authorization Bypass — ContentStudio | 8.2 | High | 2023-01-27 |
| CVE-2023-0550 | Quick Restaurant Menu <= 2.0.2 - Insecure Direct Object Reference — Quick Restaurant Menu | 8.1 | High | 2023-01-27 |
| CVE-2023-22471 | Nextcloud Deck vulnerable to authorization bypass — security-advisories | 3.5 | Low | 2023-01-14 |
| CVE-2022-46179 | LiuOS vulnerable to Authorization Bypass through User-Controlled Key — LiuOS | 9.2 | Critical | 2022-12-28 |
| CVE-2022-4798 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | 4.3 | - | 2022-12-28 |
| CVE-2022-4799 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | 4.3 | - | 2022-12-28 |
| CVE-2022-4802 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | 4.3 | - | 2022-12-28 |
| CVE-2022-4803 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | 4.3 | - | 2022-12-28 |
| CVE-2022-4806 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | 4.3 | - | 2022-12-28 |
| CVE-2022-4811 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | 8.3 | High | 2022-12-28 |
| CVE-2022-4812 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | 4.3 | - | 2022-12-28 |
| CVE-2022-4686 | Authorization Bypass Through User-Controlled Key in usememos/memos — usememos/memos | 9.1 | - | 2022-12-23 |
| CVE-2022-3794 | Jeg Elementor Kit <= 2.5.6 - Authorization Bypass — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | 5.4 | Medium | 2022-12-22 |
| CVE-2022-3805 | Jeg Elementor Kit <= 2.5.6 - Unauthenticated Authorization Bypass — Jeg Kit for Elementor – Powerful Addons for Elementor, Widgets & Templates for WordPress | 8.6 | High | 2022-12-22 |
| CVE-2022-4505 | Authorization Bypass Through User-Controlled Key in openemr/openemr — openemr/openemr | 8.8 | High | 2022-12-15 |
| CVE-2022-2808 | IDOR in Prens Student Information System — Prens Student Information System | 8.8 | High | 2022-12-12 |

Vulnerabilities classified as CWE-639 (Authorization Bypass Through User-Controlled Key) represent 1038 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.