VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Abstraction: Base · Status: Incomplete · Likelihood of Exploit: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

  • CVE-2023-49812 (Med) · Dec 19, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in J.N. Breetvelt a.K.A. OpaJaap WP Photo Album Plus. This issue affects WP Photo Album Plus: from n/a through 8.5.02.005.

  • CVE-2023-3998 (Med) · Oct 20, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the userRate function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the rating of…

  • CVE-2023-3869 (Med) · Oct 20, 2023
    risk 0.34 · cvss 5.3 · epss 0.00

    The wpDiscuz plugin for WordPress is vulnerable to unauthorized modification of data due to a missing authorization check on the voteOnComment function in versions up to, and including, 7.6.3. This makes it possible for unauthenticated attackers to increase or decrease the…

  • CVE-2023-3700 (Med) · Jul 17, 2023
    risk 0.34 · cvss 6.3 · epss 0.00

    Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

  • CVE-2021-36400 (Med) · Mar 6, 2023
    risk 0.34 · cvss 5.3 · epss 0.01

    In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions.

  • CVE-2026-7573 (Med) · May 6, 2026
    risk 0.33 · cvss 5.0 · epss 0.00

    An authorization bypass (CWE-639) in the GetUserRoles gRPC API endpoint in Velocidex Velociraptor below version 0.76.5 allows any authenticated low-privilege user to retrieve the complete ACL policy (roles and permissions) for any user across all organizations by supplying…

  • CVE-2025-61876 (Med) · Oct 29, 2025
    risk 0.33 · cvss 5.0 · epss 0.00

    Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version 2.0.153 allows an authenticated user with low privileges to enumerate and access tenant information belonging to other clients via modification of the tenant ID in the request URL.

  • CVE-2025-7899 (Med) · Jul 22, 2025
    risk 0.32 · cvss · epss 0.00

    The powermail extension for TYPO3 allows Insecure Direct Object Reference resulting in download of arbitrary files from the webserver. This issue affects powermail version 12.0.0 up to 12.5.2 and version 13.0.0

  • CVE-2025-31833 (Med) · Apr 1, 2025
    risk 0.32 · cvss 4.9 · epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in themeglow JobBoard Job listing job-board-light allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects JobBoard Job listing: from n/a through <= 1.2.8.

  • CVE-2026-3473 (Med) · May 22, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to validate file ownership and access control, which allows an authenticated user to access and download files belonging to other users or teams via crafted Boards API requests…

  • CVE-2026-41949 (Med) · May 18, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access…

  • CVE-2026-42279 (Med) · May 8, 2026
    risk 0.31 · cvss 5.8 · epss 0.00

    solidtime is an open-source time-tracking app. In version 0.12.0, the PUT /api/v1/organizations/{organization}/time-entries/{timeEntry} API accepts a route-bound timeEntry from another organization when the caller has time-entries:update:all in the URL organization, allowing a…

  • CVE-2026-41372 (Med) · Apr 28, 2026
    risk 0.31 · cvss 5.8 · epss 0.00

    OpenClaw before 2026.4.2 fails to normalize trailing-dot localhost hosts in remote CDP discovery responses, allowing bypass of loopback protections. Attackers can craft hostile discovery responses returning localhost. to retarget authenticated browser control toward localhost…

  • CVE-2025-66286 (Med) · Apr 23, 2026
    risk 0.31 · cvss 4.7 · epss 0.00

    An API design flaw in WebKitGTK and WPE WebKit allows untrusted web content to unexpectedly perform IP connections, DNS lookups, and HTTP requests. Applications expect to use the WebPage::send-request signal handler to approve or reject all network requests. However, certain…

  • CVE-2026-35670 (Med) · Apr 10, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    OpenClaw before 2026.3.22 contains a webhook reply delivery vulnerability that allows attackers to rebind chat replies to unintended users by exploiting mutable username matching instead of stable numeric user identifiers. Attackers can manipulate username changes to redirect…

  • CVE-2026-33946 (Med) · Mar 27, 2026
    risk 0.31 · cvss 5.9 · epss 0.00

    MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport.rb implementation contains a session hijacking vulnerability. An attacker who obtains a valid session ID can completely hijack…

  • CVE-2025-10493 (Med) · Sep 18, 2025
    risk 0.31 · cvss 5.3 · epss 0.01

    The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to hijack…

  • CVE-2025-0670 (Med) · Sep 2, 2025
    risk 0.31 · cvss 4.7 · epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft ProKuafor allows Resource Leak Exposure. This issue affects ProKuafor: from s1.02.07 before v1.02.08.

  • CVE-2025-0640 (Med) · Sep 2, 2025
    risk 0.31 · cvss 4.7 · epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure. This issue affects OctoCloud: from s1.09.02 before v1.11.01.

  • CVE-2021-3964 (Med) · Dec 1, 2021
    risk 0.31 · cvss 5.9 · epss 0.01

    elgg is vulnerable to Authorization Bypass Through User-Controlled Key.