VYPR

CWE-639

Authorization Bypass Through User-Controlled Key

Abstraction: Base
Status: Incomplete
Likelihood of Exploit: High

Description

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.


CVEs mapped to this weakness (1,068), page 44 of 54

  • CVE-2026-2366 (Low) Mar 12, 2026
    risk 0.20, cvss 3.1, epss 0.00

    A flaw was found in Keycloak. An authorization bypass vulnerability in the Keycloak Admin API allows any authenticated user, even those without administrative privileges, to enumerate the organization memberships of other users. This information disclosure occurs if the attacker…

  • CVE-2025-68492 (Med) Jan 14, 2026
    risk 0.20, cvss 4.2, epss 0.00

    Chainlit versions prior to 2.8.5 contain an authorization bypass through user-controlled key vulnerability. If this vulnerability is exploited, threads may be viewed or thread ownership may be obtained by an attacker who can log in to the product.

  • CVE-2025-12918 (Low) Nov 9, 2025
    risk 0.20, cvss 3.1, epss 0.00

    A security flaw has been discovered in yungifez Skuul School Management System up to 2.6.5. The impacted element is an unknown function of the file /dashboard/fees/fee-invoices/ of the component View Fee Invoice. Performing manipulation of the argument invoice_id results in…

  • CVE-2025-12623 (Low) Nov 3, 2025
    risk 0.20, cvss 3.1, epss 0.00

    A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component…

  • CVE-2025-24856 (Med) Mar 16, 2025
    risk 0.20, cvss 4.2, epss 0.00

    An issue was discovered in the oidc (aka OpenID Connect Authentication) extension before 4.0.0 for TYPO3. The account linking logic allows a pre-hijacking attack, leading to Account Takeover. The attack can only be exploited if the following requirements are met: (1) an attacker…

  • CVE-2026-55482 (Med) Jun 23, 2026
    risk 0.19, cvss n/a, epss n/a

    ### Impact The `BulkAssetsController::update()` method accepts `company_id` directly from user input without calling `Company::getIdForCurrentUser()`, the standard company-scoping function used by every other controller in the codebase. A non-superadmin user can move assets…

  • CVE-2026-9712 (Low) May 27, 2026
    risk 0.18, cvss n/a, epss 0.00

    When creating an export through the pretix API, API clients are returned a UUID value for their export job (a long, random string like 35742818-c375-4d15-839f-d49aecce94d6). Using this UUID, the API client can then request the actual file for download. The same kind of UUID…

  • CVE-2026-3307 (Low) Apr 21, 2026
    risk 0.18, cvss 2.7, epss 0.00

    An authorization bypass vulnerability was identified in GitHub Enterprise Server that allowed an attacker with admin access on one repository to modify the secret scanning push protection delegated bypass reviewer list on another repository by manipulating the owner_id parameter…

  • CVE-2026-6570 (Low) Apr 19, 2026
    risk 0.18, cvss 2.7, epss 0.00

    A security flaw has been discovered in kodcloud KodExplorer up to 4.52. Affected is the function initInstall of the file /app/controller/systemMember.class.php. Performing a manipulation of the argument path results in authorization bypass. The attack may be initiated remotely.…

  • CVE-2026-39510 (Low) Apr 8, 2026
    risk 0.18, cvss 2.7, epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in WP Chill Image Photo Gallery Final Tiles Grid final-tiles-grid-gallery-lite allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Image Photo Gallery Final Tiles Grid: from n/a…

  • CVE-2025-14882 (Low) Dec 19, 2025
    risk 0.18, cvss n/a, epss 0.00

    An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.

  • CVE-2025-14881 (Low) Dec 19, 2025
    risk 0.18, cvss n/a, epss 0.00

    Multiple API endpoints allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only.

  • CVE-2025-12954 (Low) Dec 3, 2025
    risk 0.18, cvss 2.7, epss 0.00

    The Timetable and Event Schedule by MotoPress WordPress plugin before 2.4.16 does not verify that a user has access to a specific event when duplicating it, leading to arbitrary event disclosure to users with a role as low as Contributor.

  • CVE-2024-30507 (Low) Mar 29, 2024
    risk 0.18, cvss 2.7, epss 0.00

    Authorization Bypass Through User-Controlled Key vulnerability in Molongui. This issue affects Molongui: from n/a through 4.7.7.

  • CVE-2023-46311 (Low) Dec 20, 2023
    risk 0.18, cvss 2.7, epss 0.01

    Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3.

  • CVE-2026-9306 (Low) May 23, 2026
    risk 0.17, cvss 3.7, epss 0.00

    A security vulnerability has been detected in QuantumNous new-api up to 0.12.1. This affects the function RelayMidjourneyImage/GetByOnlyMJId of the file router/relay-router.go of the component Midjourney Image Relay Endpoint. Such manipulation leads to authorization bypass. The…

  • CVE-2026-9248 (Low) May 22, 2026
    risk 0.17, cvss 2.6, epss 0.00

    Authorization bypass in the entry duplication feature in Devolutions Server allows an authenticated user with write access to any vault to copy documentation and attachments from an entry in a vault they cannot access via a crafted save request. This issue affects : * …

  • CVE-2026-23522 (Low) Jan 19, 2026
    risk 0.17, cvss 3.7, epss 0.00

    LobeChat is an open source chat application platform. Prior to version 2.0.0-next.193, the `knowledgeBase.removeFilesFromKnowledgeBase` tRPC endpoint allows authenticated users to delete files from any knowledge base without verifying ownership. The `userId` filter in the database query is…

  • CVE-2024-1075 (Low) Feb 5, 2024
    risk 0.17, cvss 3.7, epss 0.01

    The Minimal Coming Soon – Coming Soon Page plugin for WordPress is vulnerable to maintenance mode bypass and information disclosure in all versions up to, and including, 2.37. This is due to the plugin improperly validating the request path. This makes it possible for…

  • CVE-2026-45159 (Low) Jun 1, 2026
    risk 0.16, cvss 3.5, epss 0.00

    Nextcloud is an open source content collaboration platform. From versions 1.15.0 to before 1.15.4, 1.16.0 to before 1.16.3, 1.17.0 to before 1.17.1, and 1.18.0 to before 1.18.1, a malicious user with access to an end-to-end encrypted files drop link was able to also drop files…