VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Abstraction: Base | Status: Incomplete | Likelihood of Exploit: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Hierarchy (View 1000)

CVEs mapped to this weakness (1,068)

page 29 of 54
  • CVE-2026-7665 (Medium, Jun 6, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.05

    The Essential Addons for Elementor – Popular Elementor Templates & Widgets plugin for WordPress is vulnerable to Information Exposure in all versions up to, and including, 6.6.4 via the ajax_load_more function due to insufficient restrictions on which posts can be included.…

  • CVE-2026-10597 (Medium, Jun 4, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    OMICARD EDM developed by ITPison has an Insecure Direct Object Reference vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to obtain a user's email address.

  • CVE-2026-45297 (Medium, May 28, 2026)
    risk 0.34, CVSS not listed, EPSS 0.00

    OpenReplay is a self-hosted session replay suite. Prior to 1.26.0, there is a cross-tenant IDOR on feature-flag and assist-stats routes via {project_id} case mismatch. ProjectAuthorizer.__call__ (OSS api/auth/auth_project.py:14-38 and EE ee/api/auth/auth_project.py:14-46) only…

  • CVE-2026-46544 (Medium, May 27, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO accepts client-supplied session_id values in WebSocket task messages and reuses an existing in-memory session object if that session_id already…

  • CVE-2026-40127 (Medium, May 25, 2026)
    risk 0.34, CVSS not listed, EPSS 0.00

    OutSystems Lifetime is vulnerable to an Authorization Bypass Through User-Controlled Key vulnerability in the ApplicationID parameter. Any authenticated user can read the Change Log containing actions performed by other users as well as the application name of any application. This…

  • CVE-2026-6965 (Medium, May 13, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to and including 3.9.9. This is due to the `get_course_id_by()` function unconditionally trusting the user-supplied `course` GET parameter…

  • CVE-2025-14033 (Medium, May 13, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    The ilGhera Support System for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the 'get_ticket_content_callback' function in all versions up to, and including, 1.3.0. This makes it possible for unauthenticated…

  • CVE-2026-44341 (Medium, May 12, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    GoJobs is a REST API for a Job Board platform. The application exposes a job retrieval endpoint that allows unauthenticated users to access job details by directly manipulating object identifiers. The endpoint lacks proper authentication and authorization checks, resulting in…

  • CVE-2026-27329 (Medium, May 7, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in YITH YITH WooCommerce Wishlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects YITH WooCommerce Wishlist: from n/a through 4.12.0.

  • CVE-2026-7638 (Medium, May 2, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    The App Builder – Create Native Android & iOS Apps On The Flight plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to and including 5.6.0. This is due to missing authorization validation in the `upload_avatar()` function, which accepts…

  • CVE-2026-7510 (Medium, Apr 30, 2026)
    risk 0.34, CVSS 6.3, EPSS 0.00

    A vulnerability was determined in OWASP DefectDojo up to 2.55.4. Affected by this vulnerability is an unknown functionality of the component Benchmark/Engagement/Product/Survey. Executing a manipulation can lead to authorization bypass. The attack can be executed remotely. The…

  • CVE-2025-15626 (Medium, Apr 27, 2026)
    risk 0.34, CVSS not listed, EPSS 0.00

    Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application

  • CVE-2026-6810 (Medium, Apr 24, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    The Booking Calendar Contact Form plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.2.63 via the dex_bccf_admin_int_calendar_list.inc.php file due to missing validation on a user-controlled key. This makes it possible…

  • CVE-2026-40737 (Medium, Apr 15, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in VillaTheme COMPE compe-woo-compare-products allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects COMPE: from n/a through <= 1.1.4.

  • CVE-2026-35165 (Medium, Apr 8, 2026)
    risk 0.34, CVSS 6.3, EPSS 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 21.0.0 to before 27.0.3 and 28.0.1, while the document_repository frontend was restricting file access, the backend…

  • CVE-2026-34985 (Medium, Apr 8, 2026)
    risk 0.34, CVSS 6.3, EPSS 0.00

    LORIS (Longitudinal Online Research and Imaging System) is a self-hosted web application that provides data- and project-management for neuroimaging research. From 16.1.0 to before 27.0.3 and 28.0.1, while the frontend of the media module filters files that the user should not…

  • CVE-2026-39616 (Medium, Apr 8, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in dFactory Download Attachments download-attachments allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Download Attachments: from n/a through <= 1.4.0.

  • CVE-2026-5326 (Medium, Apr 2, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    A vulnerability was identified in SourceCodester Leave Application System 1.0. Impacted is an unknown function of the file /index.php?page=manage_user of the component User Information Handler. Such manipulation of the argument ID leads to authorization bypass. The attack can be…

  • CVE-2025-69727 (Medium, Mar 16, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and composeUrlImgPhotoIndividu) allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs…

  • CVE-2026-2888 (Medium, Mar 13, 2026)
    risk 0.34, CVSS 5.3, EPSS 0.00

    The Formidable Forms plugin for WordPress is vulnerable to an authorization bypass through user-controlled key in all versions up to, and including, 6.28. This is due to the `frm_strp_amount` AJAX handler (`update_intent_ajax`) overwriting the global `$_POST` data with…