VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Abstraction: Base | Status: Incomplete | Likelihood of Exploit: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
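The pattern behind most entries on this page is the same: the handler takes a record key straight from the request, checks only that the caller is logged in, and never checks that the caller owns the key. The following is an added illustration, not code from the CWE entry or from any product listed below; the in-memory store, the user names alice and bob, the record ids and the handler names are all constructed. It shows a read handler with and without the ownership check, plus the write-side variant (client-supplied primary key and owner fields, the mass-assignment shape described in the Flowise entry). The hardened reader answers "not found" for both a missing key and a foreign key so that a probing client cannot tell which ids exist, which matters when ids are sequential or otherwise predictable as in the SpiceJet PNR and console-survey entries.

```python
"""CWE-639 in miniature: a record lookup keyed by a client-supplied id.

Added example; all names and sample data are constructed for illustration.
"""
from dataclasses import dataclass


@dataclass
class Record:
    id: int
    owner: str
    body: str


def seed() -> dict:
    """Constructed sample data: two users, one record each."""
    return {
        101: Record(101, "alice", "alice's invoice"),
        102: Record(102, "bob", "bob's invoice"),
    }


class Forbidden(Exception):
    """Caller is not authenticated."""


class NotFound(Exception):
    """Key does not resolve for this caller."""


def get_record_vulnerable(store: dict, session_user, requested_id: int) -> Record:
    """Authentication only: any logged-in user can read any record by changing the id."""
    if session_user is None:
        raise Forbidden("login required")
    rec = store.get(requested_id)
    if rec is None:
        raise NotFound(requested_id)
    return rec  # BUG: rec.owner is never compared with session_user


def get_record_hardened(store: dict, session_user, requested_id: int) -> Record:
    """Resolve the key through the principal: a record you do not own does not exist."""
    if session_user is None:
        raise Forbidden("login required")
    rec = store.get(requested_id)
    # Same response for "missing" and "not yours" so the endpoint is not an
    # existence oracle for sequential or guessable ids.
    if rec is None or rec.owner != session_user:
        raise NotFound(requested_id)
    return rec


def create_record_vulnerable(store: dict, session_user, payload: dict) -> Record:
    """Mass assignment: the client chooses id and owner, overwriting other users' rows."""
    rec = Record(**payload)
    store[rec.id] = rec
    return rec


ALLOWED_FIELDS = {"body"}  # the only field a client may set


def create_record_hardened(store: dict, session_user, payload: dict) -> Record:
    """Server assigns id and owner; unexpected fields are rejected, not silently dropped."""
    unknown = set(payload) - ALLOWED_FIELDS
    if unknown:
        raise ValueError(f"unexpected fields: {sorted(unknown)}")
    rec = Record(id=max(store, default=100) + 1, owner=session_user, **payload)
    store[rec.id] = rec
    return rec


def probe(handler, store: dict, session_user, requested_id: int) -> str:
    """Exercise a read handler and report the outcome as a short status string."""
    try:
        handler(store, session_user, requested_id)
        return "ok"
    except Forbidden:
        return "forbidden"
    except NotFound:
        return "not_found"


if __name__ == "__main__":
    store = seed()
    print("bob reads alice's record, vulnerable:", probe(get_record_vulnerable, store, "bob", 101))
    print("bob reads alice's record, hardened:  ", probe(get_record_hardened, store, "bob", 101))
    create_record_vulnerable(store, "bob", {"id": 101, "owner": "bob", "body": "hijacked"})
    print("alice's row after mass assignment:   ", store[101])
```

The check to look for in review is not "is the user logged in" but "does the query that resolves the key include the caller's identity as a predicate"; when the owner column is part of the lookup itself, there is no separate comparison to forget.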

Hierarchy (View 1000)

Parents

Children

CVEs mapped to this weakness (1,068)

page 4 of 54
  • CVE-2026-24178 (Critical) Apr 28, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.01

    NVIDIA NVFlare Dashboard contains a vulnerability in the user management and authentication system where an unauthenticated attacker may cause authorization bypass through user-controlled key. A successful exploit of this vulnerability may lead to privilege escalation, data…

  • CVE-2026-6375 (High) Apr 23, 2026
    risk 0.57 | CVSS not listed | EPSS 0.00

    A vulnerability in SpiceJet’s booking API allows unauthenticated users to query passenger name records (PNRs) without any access controls. Because PNR identifiers follow a predictable pattern, an attacker could systematically enumerate valid records and obtain associated…

  • CVE-2026-41277 (High) Apr 23, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, a Mass Assignment vulnerability in the DocumentStore creation endpoint allows authenticated users to control the primary key (id) and internal state fields of DocumentStore…

  • CVE-2018-25270 (Critical) Apr 22, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.01

    ThinkPHP 5.0.23 contains a remote code execution vulnerability that allows unauthenticated attackers to execute arbitrary PHP code by invoking functions through the routing parameter. Attackers can craft requests to the index.php endpoint with malicious function parameters to…

  • CVE-2026-40308 (High) Apr 16, 2026
    risk 0.57 | CVSS not listed | EPSS 0.01

    My Calendar is a WordPress plugin for managing calendar events. In versions 3.7.6 and below, the mc_ajax_mcjs_action AJAX endpoint, registered for unauthenticated users, passes user-supplied arguments through parse_str() without validation, allowing injection of arbitrary…

  • CVE-2026-5617 (High) Apr 15, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    The Login as User plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 1.0.3. This is due to the handle_return_to_admin() function trusting a client-controlled cookie (oclaup_original_admin) to determine which user to authenticate as,…

  • CVE-2026-38529 (High) Apr 14, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.01

    A Broken Object-Level Authorization (BOLA) in the /Settings/UserController.php endpoint of Webkul Krayin CRM v2.2.x allows authenticated attackers to arbitrarily reset user passwords and perform a full account takeover via supplying a crafted HTTP request.

  • CVE-2026-25654 (High) Apr 14, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    A vulnerability has been identified in SINEC NMS (All versions < V4.0 SP3). Affected products do not properly validate user authorization when processing password reset requests. This could allow an authenticated remote attacker to bypass authorization checks, leading to the…

  • CVE-2026-3321 (High) Mar 30, 2026
    risk 0.57 | CVSS not listed | EPSS 0.00

    A vulnerability of authorization bypass through user-controlled key in the 'console-survey/api/v1/answer/{EVENTID}/{TIMESTAMP}/' endpoint. Exploiting this vulnerability would allow an unauthenticated attacker to enumerate event IDs and obtain the complete Q&A history. This…

  • CVE-2026-3999 (High) Mar 13, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    A broken access control may allow an authenticated user to perform a horizontal privilege escalation. The vulnerability only impacts specific configurations.

  • CVE-2025-15096 (High) Feb 11, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    The 'Videospirecore Theme Plugin' plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.6. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This…

  • CVE-2025-7347 (High) Feb 10, 2026
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Dinibh Puzzle Software Solutions Dinibh Patrol Tracking System allows Exploitation of Trusted Identifiers. This issue affects Dinibh Patrol Tracking System: through 10022026. NOTE: The vendor was contacted early…

  • CVE-2025-15001 (Critical) Jan 6, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.00

    The FS Registration Password plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.1. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible…

  • CVE-2025-14998 (Critical) Jan 2, 2026
    risk 0.57 | CVSS 9.8 | EPSS 0.01

    The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for…

  • CVE-2025-6574 (High) Nov 1, 2025
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and excluding, 6.1. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it…

  • CVE-2025-5949 (High) Nov 1, 2025
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to processing a password change request. This makes it…

  • CVE-2025-61779 (High) Oct 9, 2025
    risk 0.57 | CVSS not listed | EPSS 0.00

    Confidential Containers's Trustee project contains tools and components for attesting confidential guests and providing secrets to them. In versions prior to 0.15.0, the attestation-policy endpoint didn't check if the kbs-client submitting the request was actually authenticated…

  • CVE-2025-6038 (High) Oct 9, 2025
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    The Lisfinity Core - Lisfinity Core plugin used for pebas® Lisfinity WordPress theme plugin for WordPress is vulnerable to privilege escalation via password update in all versions up to, and including, 1.4.0. This is due to the plugin not properly validating a user's identity…

  • CVE-2025-7718 (High) Sep 10, 2025
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity prior to updating their…

  • CVE-2025-7049 (High) Sep 10, 2025
    risk 0.57 | CVSS 8.8 | EPSS 0.00

    The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for…