VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

BaseIncompleteLikelihood: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

page 10 of 54
  • CVE-2026-48868HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

  • CVE-2025-59133HigJun 15, 2026
    risk 0.49cvss 7.5epss 0.00

    Custom role Insecure Direct Object References (IDOR) in Projectopia <= 5.1.25.2 versions.

  • CVE-2026-9185HigJun 9, 2026
    risk 0.49cvss 7.5epss 0.00

    The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_get_user_info` and `six_storage_update_profile` AJAX actions. This is due to the…

  • CVE-2026-42736HigMay 27, 2026
    risk 0.49cvss 7.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through <= 2.14.16.

  • CVE-2025-13479HigMay 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Authorization bypass through User-Controlled key vulnerability in PosCube Hardware Software and Consulting Ltd. QR Menu allows Exploitation of Trusted Identifiers. This issue affects QR Menu: through 21052026. NOTE: The vendor was contacted early about this disclosure but did…

  • CVE-2026-44504HigMay 14, 2026
    risk 0.49cvss epss 0.00

    Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread,…

  • CVE-2026-41471HigMay 4, 2026
    risk 0.49cvss 7.5epss 0.00

    The Easy PayPal Events & Tickets plugin for WordPress before version 1.4 contains an information disclosure vulnerability in the QR code scanning endpoint that allows unauthenticated attackers to enumerate and retrieve all customer order records. Attackers can iterate over…

  • CVE-2026-4503HigApr 30, 2026
    risk 0.49cvss 7.5epss 0.00

    IBM Langflow Desktop 1.0.0 through 1.8.4 Langflow could allow an unauthenticated user to view other users' images due to an indirect object reference through a user-controlled key.

  • CVE-2026-41279HigApr 23, 2026
    risk 0.49cvss 7.5epss 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the text-to-speech generation endpoint (POST /api/v1/text-to-speech/generate) is whitelisted (no auth) and accepts a credentialId directly in the request body. When called…

  • CVE-2026-5750HigApr 22, 2026
    risk 0.49cvss epss 0.00

    An insecure direct object reference (IDOR) vulnerability in the Fullstep V5 registration process allows authenticated users to access data belonging to other registered users through various vulnerable authenticated resources in the application. The vulnerable endpoints result…

  • CVE-2026-30230HigMar 6, 2026
    risk 0.49cvss 7.5epss 0.00

    Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password…

  • CVE-2026-27449HigFeb 26, 2026
    risk 0.49cvss 7.5epss 0.00

    Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed…

  • CVE-2026-24950HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in themeplugs Authorsy authorsy allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Authorsy: from n/a through <= 1.0.6.

  • CVE-2026-22383HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes PawFriends - Pet Shop and Veterinary WordPress Theme pawfriends allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects PawFriends - Pet Shop and Veterinary…

  • CVE-2025-69394HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in cnvrse Cnvrse cnvrse allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Cnvrse: from n/a through < 026.02.10.20.

  • CVE-2025-68051HigFeb 20, 2026
    risk 0.49cvss 7.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Shiprocket Shiprocket shiprocket allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Shiprocket: from n/a through <= 2.0.8.

  • CVE-2020-37008HigJan 29, 2026
    risk 0.49cvss 7.5epss 0.00

    EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user…

  • CVE-2025-10855HigJan 22, 2026
    risk 0.49cvss 7.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Solvera Software Services Trade Inc. Teknoera allows Exploitation of Trusted Identifiers. This issue affects Teknoera: through 01102025.

  • CVE-2025-10024HigJan 22, 2026
    risk 0.49cvss 7.5epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025.

  • CVE-2018-25129HigDec 24, 2025
    risk 0.49cvss 7.5epss 0.00

    SOCA Access Control System 180612 contains multiple insecure direct object reference vulnerabilities that allow attackers to access sensitive user credentials. Attackers can retrieve authenticated and unauthenticated user password hashes and pins through unprotected endpoints…