CWE-639
Authorization Bypass Through User-Controlled Key
Description
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
Hierarchy (View 1000)
CVEs mapped to this weakness (1,068)
page 5 of 54

| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-52389 | | High | 0.57 | 8.8 | 0.00 | | Sep 8, 2025 | An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request. |
| CVE-2025-46387 | — | High | 0.57 | 8.8 | 0.00 | | Aug 6, 2025 | CWE-639 Authorization Bypass Through User-Controlled Key |
| CVE-2025-46386 | — | High | 0.57 | 8.8 | 0.00 | | Aug 6, 2025 | CWE-639 Authorization Bypass Through User-Controlled Key |
| CVE-2025-51865 | — | High | 0.57 | 8.8 | 0.00 | | Jul 22, 2025 | Ai2 playground web service (playground.allenai.org) LLM chat through 2025-06-03 is vulnerable to Insecure Direct Object Reference (IDOR), allowing attackers to gain sensitive information via enumerating thread keys in the URL. |
| CVE-2025-34140 | | High | 0.57 | — | 0.01 | | Jul 22, 2025 | An authorization bypass vulnerability exists in ETQ Reliance (legacy CG and NXG SaaS platforms). By appending a specific URI suffix to certain API endpoints, an unauthenticated attacker can bypass access control checks and retrieve limited sensitive resources. The root cause was… |
| CVE-2025-40650 | | High | 0.57 | — | 0.00 | | May 26, 2025 | Insecure Direct Object Reference (IDOR) vulnerability in Clickedu. This vulnerability could allow an attacker to retrieve information about student report cards. |
| CVE-2025-3610 | | High | 0.57 | 8.8 | 0.01 | | May 6, 2025 | The Reales WP STPT plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.1.2. This is due to the plugin not properly validating a user's identity prior to updating their details like password. This makes it… |
| CVE-2025-3575 | | High | 0.57 | — | 0.00 | | Apr 15, 2025 | Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via the "idUsuario" parameter in the "/helper/Familia/establecerUsuarioSeleccion" endpoint. |
| CVE-2025-3574 | | High | 0.57 | — | 0.00 | | Apr 15, 2025 | Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from other users via the "idUsuario" parameter in the "/helper/Familia/obtenerFamiliaUsuario" endpoint. |
| CVE-2025-2526 | | High | 0.57 | 8.8 | 0.01 | | Apr 8, 2025 | The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the… |
| CVE-2025-1667 | | High | 0.57 | 8.8 | 0.00 | | Mar 15, 2025 | The School Management System – WPSchoolPress plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the wpsp_UpdateTeacher() function in all versions up to, and including, 2.2.16. This makes it possible for authenticated attackers, with… |
| CVE-2024-34520 | | High | 0.57 | 8.8 | 0.00 | | Feb 12, 2025 | An authorization bypass vulnerability exists in the Mavenir SCE Application Provisioning Portal, version PORTAL-LBS-R_1_0_24_0, which allows an authenticated 'guest' user to perform unauthorized administrative actions, such as accessing the 'add user' feature, by bypassing… |
| CVE-2024-10497 | — | High | 0.57 | 8.8 | 0.01 | | Jan 17, 2025 | CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileges) when the attacker sends modified HTTPS requests to the device. |
| CVE-2024-13040 | | High | 0.57 | 8.8 | 0.00 | | Dec 31, 2024 | The QOCA aim from Quanta Computer has an Authorization Bypass Through User-Controlled Key vulnerability. By controlling the user ID parameter, remote attackers with regular privileges could access certain features as any user, modify any user's account information and… |
| CVE-2024-48217 | | High | 0.57 | 8.8 | 0.01 | | Nov 1, 2024 | An Insecure Direct Object Reference (IDOR) in the dashboard of SiSMART v7.4.0 allows attackers to execute a horizontal-privilege escalation. |
| CVE-2024-9263 | | Critical | 0.57 | 9.8 | 0.01 | | Oct 17, 2024 | The WP Timetics- AI-powered Appointment Booking Calendar and Online Scheduling Plugin plugin for WordPress is vulnerable to Account Takeover/Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 1.0.25 via the save() due to missing… |
| CVE-2024-9215 | | High | 0.57 | 8.8 | 0.01 | | Oct 17, 2024 | The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the… |
| CVE-2023-6523 | | High | 0.57 | 8.8 | 0.01 | | Apr 5, 2024 | Authorization Bypass Through User-Controlled Key vulnerability in ExtremePacs Extreme XDS allows Authentication Abuse. This issue affects Extreme XDS: before 3914. |
| CVE-2023-6724 | | High | 0.57 | 8.8 | 0.01 | | Feb 9, 2024 | Authorization Bypass Through User-Controlled Key vulnerability in Software Engineering Consultancy Machine Equipment Limited Company Hearing Tracking System allows Authentication Abuse. This issue affects Hearing Tracking System: before for IOS 7.0, for Android Latest release… |
| CVE-2023-6515 | | High | 0.57 | 8.8 | 0.01 | | Feb 8, 2024 | Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. MİA-MED allows Authentication Abuse. This issue affects MİA-MED: before 1.0.7. |