VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Base | Incomplete | Likelihood: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Hierarchy (View 1000)

CVEs mapped to this weakness (1,068)

page 3 of 54
  • CVE-2026-45746 (Critical) Jun 5, 2026
    risk 0.59 | CVSS 9.0 | EPSS 0.00

    Termix is a web-based server management platform with SSH terminal, tunneling, and file editing capabilities. Prior to version 2.3.2, the File Manager functionality in Termix contains a critical Broken Access Control vulnerability due to improper validation of the sessionId…

  • CVE-2026-29204 (Critical) May 12, 2026
    risk 0.59 | CVSS 9.1 | EPSS 0.00

    Insufficient ownership check in `clientarea.php` allows an authenticated client area user to submit requests using another user’s `addonId` without any ownership validation leading to unauthorized access to the victim's account.

  • CVE-2026-5652 (Critical) Apr 21, 2026
    risk 0.59 | CVSS 9.0 | EPSS 0.00

    An insecure direct object reference vulnerability in the Users API component of Crafty Controller allows a remote, authenticated attacker to perform user modification actions via improper API permissions validation.

  • CVE-2026-25197 (Critical) Apr 3, 2026
    risk 0.59 | CVSS 9.1 | EPSS 0.00

    A specific endpoint allows authenticated users to pivot to other user profiles by modifying the id number in the API call.

  • CVE-2019-19755 (Critical) Apr 30, 2024
    risk 0.59 | CVSS 9.1 | EPSS 0.00

    ethOS through 1.3.3 ships with SSH host keys baked into the installation image, which allows man-in-the-middle attacks and makes identification of all public IPv4 nodes trivial with Shodan.io. NOTE: as of 2019-12-01, the vendor indicated that they plan to fix this.

  • CVE-2014-0808 (Critical) Jan 22, 2014
    risk 0.59 | CVSS 9.1 | EPSS 0.02

    Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June 29th, 2015. If this vulnerability is exploited, a user of the affected shopping website may obtain other users' information by sending a…

  • CVE-2026-42947 (High) Jun 12, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    A flaw in Naxclow's platform’s onboarding workflow allows an attacker to replay a confirm-then-bind sequence to silently reassign a device to an arbitrary account. Because the affected endpoints validate request signatures but do not confirm legitimate ownership, an attacker…

  • CVE-2026-8828 (High) Jun 12, 2026
    risk 0.57 | CVSS (not listed) | EPSS 0.00

    A lack of authorization validation in version 1.0.0 or later of the ChromaDB Rust project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

  • CVE-2026-45832 (High) Jun 12, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    All V1 collection-level endpoints in ChromaDB's Python project pass None for the tenant and database to the authorization layer, allowing attackers to bypass authorization controls by using the V1 endpoints.

  • CVE-2026-45830 (High) Jun 12, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    A lack of authorization validation in version 0.4.17 or later of the ChromaDB Python project allows any authenticated users to arbitrarily read, write, update, or delete data in any tenant's collection regardless of which tenant they belong to.

  • CVE-2026-6552 (High) Jun 11, 2026
    risk 0.57 | CVSS 8.7 | EPSS 0.00

    GitLab has remediated an issue in GitLab EE affecting all versions from 15.5 before 18.10.8, 18.11 before 18.11.5, and 19.0 before 19.0.2 that under certain conditions could have allowed an authenticated user with group Owner role to take over another group member's GitLab…

  • CVE-2025-14772 (High) Jun 3, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    Authorization bypass through User-Controlled key vulnerability in ABB T-MAC Plus. This issue affects T-MAC Plus: 4.0-24.

  • CVE-2026-7201 (High) Jun 2, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    CWE-639: Authorization Bypass Through User-Controlled Key in web services in Progress Sitefinity 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote authenticated attacker to modify account properties of other users, potentially leading…

  • CVE-2026-46414 (High) May 27, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.01

    Microsoft UFO open-source framework for intelligent automation across devices and platforms. In 3.0.1-4-ge2626659, Microsoft UFO's WebSocket control plane trusts client-supplied identity and role fields in task messages. A client connection can register as a normal device, but…

  • CVE-2026-38807 (High) May 27, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    Insecure Permissions vulnerability in kvf-admin v1.0.0 allows a remote attacker to escalate privileges via the UserController.java component.

  • CVE-2026-35430 (High) May 22, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    Authorization bypass through user-controlled key in Azure Privileged Identity Management (PIM) allows an authorized attacker to elevate privileges over a network.

  • CVE-2026-42097 (High) May 19, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.01

    Sparx Pro Cloud Server requires authentication based on requested URL. An attacker can omit the "model" query parameter and send the model name only in the binary blob in POST request allowing SQL query execution without authentication. The vendor was notified early about…

  • CVE-2025-15025 (High) May 14, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    Authorization bypass through User-Controlled key vulnerability in Yordam Information Technology Consulting, Training and Electronic Systems Industry and Trade Inc. Library Automation System allows Exploitation of Trusted Identifiers. This issue affects Library Automation…

  • CVE-2025-12008 (High) May 14, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    Authorization bypass through User-Controlled key vulnerability in APPYAP Technology and Information Inc. Yaay Social Media App allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Yaay Social Media App: from 3.8.0 through 24102025.

  • CVE-2026-6001 (High) May 12, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    Authorization bypass through User-Controlled key vulnerability in ABIS Technology Ltd. Co. BAPSİS allows Exploitation of Trusted Identifiers. This issue affects BAPSİS: before v.202604152042.