CWE-639

9/10/2024CWE-639, CWE-639

CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileg

CWE-639: Authorization Bypass Through User-Controlled Key vulnerability exists that could allow an authorized attacker to modify values outside those defined by their privileges (Elevation of Privileg...

1/17/2025CWE-639

CVE-2023-44254

5.0MEDIUM

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker

An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker ...

CVE-2023-31182

8.1HIGH

EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method.

5/8/2023CWE-639, CWE-639

CVE-2023-44249

10/10/2023CWE-639, CWE-639

An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote att

An authorization bypass through user-controlled key [CWE-639] vulnerability in Fortinet FortiManager version 7.4.0 and before 7.2.3 and FortiAnalyzer version 7.4.0 and before 7.2.3 allows a remote att...

CVE-2023-47543

10/29/2024CWE-639, CWE-639

An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other or

An authorization bypass through user-controlled key vulnerability [CWE-639] in Fortinet FortiPortal version 7.0.0 through 7.0.3 allows an authenticated attacker to interact with ressources of other or...

11/12/2024CWE-639

CVE-2024-10452

2.2LOW

Organization admins can delete pending invites created in an organization they are not part of.

CVE-2023-3700

6.3MEDIUM

Authorization Bypass Through User-Controlled Key in GitHub repository alextselegidis/easyappointments prior to 1.5.0.

7/17/2023CWE-639, CWE-639

CVE-2022-4812

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4806

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4803

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4802

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4799

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4798

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.1.

CVE-2022-4686

12/23/2022CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0.

CVE-2023-1463

3/17/2023CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23.

CVE-2022-43492

11/18/2022CWE-639, CWE-639

Auth. (subscriber+) Insecure Direct Object References (IDOR) vulnerability in Comments – wpDiscuz plugin 7.4.2 on WordPress.

CVE-2022-1810

5/23/2022CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9.

CVE-2022-0691

2/21/2022CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9.

CVE-2022-0686

9.1CRITICAL

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8.

2/20/2022CWE-639, CWE-639

CVE-2022-0639

2/17/2022CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7.

CVE-2022-0613

2/16/2022CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8.

CVE-2022-0512

2/14/2022CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6.

CVE-2022-4505

12/15/2022CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2.

CVE-2022-2824

8/15/2022CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.1.

CVE-2023-2844

4.9MEDIUM

Authorization Bypass Through User-Controlled Key in GitHub repository cloudexplorer-dev/cloudexplorer-lite prior to v1.1.0.

5/23/2023CWE-639, CWE-639

CVE-2023-2260

4/24/2023CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304.

CVE-2022-42067

10/14/2022CWE-639, CWE-639

Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability

CVE-2023-40720

7.1HIGH

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP config

An authorization bypass through user-controlled key vulnerability [CWE-639] in FortiVoiceEntreprise version 7.0.0 through 7.0.1 and before 6.4.8 allows an authenticated attacker to read the SIP config...

5/14/2024CWE-639

CVE-2023-30550

6.8MEDIUM

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administ

MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. This IDOR vulnerability allows the administ...

5/4/2023CWE-639, CWE-639 +1

CVE-2022-4811

8.3HIGH

Authorization Bypass Through User-Controlled Key vulnerability in usememos usememos/memos.This issue affects usememos/memos before 0.9.1.

CVE-2023-49339

2/13/2024CWE-639, CWE-639

Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint.

CVE-2023-36235

1/17/2024CWE-639, CWE-639

An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter.

CVE-2023-30216

11/3/2022CWE-639, CWE-639

Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information.

5/4/2023CWE-639, CWE-639

CVE-2021-36906

2.7LOW

Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.

CVE-2024-50483

10/28/2024CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation.This issue affects Meetup: from n/a through 0.1.

CVE-2022-33077

7.5HIGH

An access control issue in nopcommerce v4.50.2 allows attackers to arbitrarily modify any customer's address via the addressedit endpoint.

10/19/2022CWE-639, CWE-639

CVE-2020-8235

10/5/2020CWE-639, CWE-639

Missing access control in Nextcloud Deck 1.0.4 caused an insecure direct object reference allowing an attacker to view all attachments.

CVE-2023-3048

6/13/2023CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15.

CVE-2022-1996

9.1CRITICAL

Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0.

6/8/2022CWE-639, CWE-639

CVE-2021-25096

The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL

2/7/2022CWE-639, CWE-639

CVE-2019-5466

1/28/2020CWE-639, CWE-639

An IDOR was discovered in GitLab CE/EE 11.5 and later that allowed new merge requests endpoint to disclose label names.

CVE-2024-40395

8/27/2024CWE-639, CWE-639

An Insecure Direct Object Reference (IDOR) in PTC ThingWorx v9.5.0 allows attackers to view sensitive information, including PII, regardless of access level.

CVE-2023-3288

8.5HIGH

A BOLA vulnerability in POST /providers allows a low privileged user to create a privileged user (provider) in the system. This results in privilege escalation.

7/9/2024CWE-639, CWE-639

CVE-2023-45892

7.5HIGH

An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information.

1/2/2024CWE-639, CWE-639

CVE-2023-36520

12/20/2023CWE-639, CWE-639

Authorization Bypass Through User-Controlled Key vulnerability in MarketingFire Editorial Calendar.This issue affects Editorial Calendar: from n/a through 3.7.12.

CVE-2023-46478

10/30/2023CWE-639, CWE-639

An issue in minCal v.1.0.0 allows a remote attacker to execute arbitrary code via a crafted script to the customer_data parameter.

CVE-2023-24625