VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Abstraction: Base | Status: Incomplete | Likelihood of Exploit: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

page 22 of 54
  • CVE-2026-48169 | High | May 29, 2026
    risk 0.38 | cvss n/a | epss 0.00

    Summary: The PraisonAI Platform API has two authorization failures that together break workspace isolation. The service layer for issues and projects performs global primary-key lookups without checking workspace ownership, so any authenticated user can read, modify, and…

  • CVE-2026-47231 | High | May 29, 2026
    risk 0.38 | cvss n/a | epss 0.00

    Summary: `modules/documents-files.php` gates state-changing modes by checking that the actor has `hasUploadRight()` on the URL parameter `folder_uuid`. The `move_save` handler then operates on a *separate* URL parameter `file_uuid` and calls…

  • CVE-2026-44776 | Medium | May 26, 2026
    risk 0.38 | cvss n/a | epss 0.00

    Kavita is a cross platform reading server. Prior to 0.9.0, the download, size-check, and chapter metadata endpoints do not enforce library-level authorization. A low-privileged user who knows or guesses a chapterId, volumeId, or seriesId belonging to a library they are not…

  • CVE-2026-21409 | Medium | Jan 9, 2026
    risk 0.38 | cvss 5.9 | epss 0.00

    Improper authorization vulnerability exists in RICOH Streamline NX 3.5.1 to 24R3. If a man-in-the-middle attack is conducted on the communication between the affected product and its user, and some crafted request is processed by the product, the user's registration information…

  • CVE-2023-32189 | Medium | Oct 16, 2024
    risk 0.38 | cvss 5.9 | epss 0.00

    Insecure handling of ssh keys used to bootstrap clients allows local attackers to potentially gain access to the keys

  • CVE-2023-51503 | Medium | Dec 31, 2023
    risk 0.38 | cvss 5.9 | epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2.

  • CVE-2026-45810 | Medium | Jun 1, 2026
    risk 0.37 | cvss 6.8 | epss 0.00

    Nextcloud is an open source content collaboration platform. In Nextcloud Server from versions 31.0.0 to before 31.0.12, and 32.0.0 to before 32.0.3, a missing check of a relation allowed authenticated users with access to any file comment, to read the content of all comments. It…

  • CVE-2025-7013 | Medium | Jan 29, 2026
    risk 0.37 | cvss 5.7 | epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers. This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not…

  • CVE-2024-21981 | Medium | Aug 13, 2024
    risk 0.37 | cvss 5.7 | epss 0.00

    Improper key usage control in AMD Secure Processor (ASP) may allow an attacker with local access who has gained arbitrary code execution privilege in ASP to extract ASP cryptographic keys, potentially resulting in loss of confidentiality and integrity.

  • CVE-2017-0936 | Medium | Mar 28, 2018
    risk 0.37 | cvss 5.7 | epss 0.01

    Nextcloud Server before 11.0.7 and 12.0.5 suffers from an Authorization Bypass Through User-Controlled Key vulnerability. A missing ownership check allowed logged-in users to change the scope of app passwords of other users. Note that the app passwords themselves were neither…

  • CVE-2025-8884 | Medium | Oct 20, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in VHS Electronic Software Ltd. Co. ACE Center allows Privilege Abuse, Exploitation of Trusted Identifiers. This issue affects ACE Center: from 3.10.100.1768 before 3.10.161.2255.

  • CVE-2025-59562 | Medium | Sep 22, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Kodezen LLC Academy LMS academy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Academy LMS: from n/a through <= 3.3.4.

  • CVE-2024-13175 | Medium | Jul 18, 2025
    risk 0.36 | cvss 5.5 | epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing. This issue affects VOC TESTER: before 12.41.0.

  • CVE-2025-24976 | Medium | Feb 11, 2025
    risk 0.36 | cvss n/a | epss 0.00

    Distribution is a toolkit to pack, ship, store, and deliver container content. Systems running registry versions 3.0.0-beta.1 through 3.0.0-rc.2 with token authentication enabled may be vulnerable to an issue in which token authentication allows an attacker to inject an…

  • CVE-2026-49192 | Medium | Jun 4, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    The summary service endpoint suffers from an IDOR vulnerability where it fails to verify user ownership of hardware serial numbers, exposing device data to scraping.

  • CVE-2026-24755 | Medium | Jun 1, 2026
    risk 0.35 | cvss 5.4 | epss 0.00

    Kiteworks is a private data network (PDN). Prior to version 9.3.0, an Insecure Direct Object Reference (IDOR) vulnerability in Kiteworks Secure Data Forms allows an authenticated user to modify permissions on resources belonging to other users due to insufficient authorization…

  • CVE-2026-41141 | Medium | May 28, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    EspoCRM is an open source customer relationship management application. Prior to 9.3.5, the POST /api/v1/EmailTemplate/:id/prepare endpoint accepts an emailAddress parameter and resolves the owning entity (Contact, Lead, Account, or User) without performing an ACL check. An…

  • CVE-2026-3173 | Medium | May 28, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    The Meta Field Block plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.5.1. This is due to the plugin allowing users to specify arbitrary object IDs and object types via block attributes without validating whether the…

  • CVE-2026-42725 | Medium | May 27, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in WP Wham Checkout Files Upload for WooCommerce checkout-files-upload-woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Checkout Files Upload for WooCommerce:…

  • CVE-2026-43934 | Medium | May 26, 2026
    risk 0.35 | cvss 6.5 | epss 0.00

    e107 is a content management system (CMS). Prior to 2.3.4, a Broken Access Control vulnerability exists in the application, allowing an unauthorized authenticated user to edit comments posted by others. This stems from inadequate server-side access control validation, where the…