Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2026-5799

Summary
Assigner-TR-CERT
Assigner Org ID-ca940d4e-fea4-4aa2-9a58-591a58b1ce21
Published At-07 Jul, 2026 | 06:49
Updated At-07 Jul, 2026 | 13:26
Rejected At-
Credits

IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:TR-CERT
Assigner Org ID:ca940d4e-fea4-4aa2-9a58-591a58b1ce21
Published At:07 Jul, 2026 | 06:49
Updated At:07 Jul, 2026 | 13:26
Rejected At:
▼CVE Numbering Authority (CNA)
IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026.

Affected Products
Vendor
Idvlabs Software and Consulting Services Inc.
Product
Ontime
Default Status
unaffected
Versions
Affected
  • From 0 through 04052026 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-639CWE-639 Authorization bypass through User-Controlled key
Type: CWE
CWE ID: CWE-639
Description: CWE-639 Authorization bypass through User-Controlled key
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Metrics Other Info
Impacts
CAPEC IDDescription
CAPEC-21CAPEC-21 Exploitation of Trusted Identifiers
CAPEC ID: CAPEC-21
Description: CAPEC-21 Exploitation of Trusted Identifiers
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Mustafa Soner IŞIK
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0503
government-resource
Hyperlink: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0503
Resource:
government-resource
▼Authorized Data Publishers (ADP)
CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:iletisim@usom.gov.tr
Published At:07 Jul, 2026 | 08:16
Updated At:07 Jul, 2026 | 14:16

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
N/A
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Type: N/A
Version:
Base score:
Base severity: N/A
Vector:
CPE Matches

Weaknesses
CWE IDTypeSource
CWE-639Secondaryiletisim@usom.gov.tr
CWE ID: CWE-639
Type: Secondary
Source: iletisim@usom.gov.tr
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0503iletisim@usom.gov.tr
N/A
Hyperlink: https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0503
Source: iletisim@usom.gov.tr
Resource: N/A

Change History

0
Information is not available yet

Similar CVEs

150Records found

CVE-2026-5730
Matching Score-10
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-10
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-7.5||HIGH
EPSS-0.25% / 15.86%
||
7 Day CHG~0.00%
Published-07 Jul, 2026 | 06:45
Updated-07 Jul, 2026 | 14:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Idvlabs' Ontime

Authorization bypass through User-Controlled key vulnerability in Idvlabs Software and Consulting Services Inc. Ontime allows Exploitation of Trusted Identifiers. This issue affects Ontime: through 04052026.

Action-Not Available
Vendor-Idvlabs Software and Consulting Services Inc.
Product-Ontime
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-9185
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.52%
||
7 Day CHG~0.00%
Published-09 Jun, 2026 | 03:41
Updated-09 Jun, 2026 | 15:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
6Storage Rentals <= 2.22.0 - Unauthenticated Insecure Direct Object Reference to Arbitrary User Disclosure and Modification via 'userId' Parameter

The 6Storage Rentals plugin for WordPress is vulnerable to Authorization Bypass Through User-Controlled Key in all versions up to and including 2.22.0 via the `userId` parameter of the `six_storage_get_user_info` and `six_storage_update_profile` AJAX actions. This is due to the `six_storage_getUserInfo()` and `six_storage_updateProfile()` functions being registered on `wp_ajax_nopriv_*` hooks and accepting a tenant identifier directly from `$_POST['userId']` without performing any ownership verification, session binding, or nonce validation to confirm the requester has a legitimate relationship to the supplied ID. This makes it possible for unauthenticated attackers to read and modify arbitrary tenants' profile data — including name, email address, phone number, physical address, and SSN — by supplying an enumerated `userId` value in a crafted request to either handler.

Action-Not Available
Vendor-sixstorage
Product-6Storage Rentals
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-43977
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-Not Assigned
Published-16 Jul, 2026 | 22:13
Updated-17 Jul, 2026 | 14:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
wger IDOR: Authenticated Users Can Read Others' Private Workout Session Data via Template Routine API

wger is a free, open-source workout and fitness manager. In versions prior to 2.6, any authenticated user can read another user's private workout session notes, exercise history, and training statistics by calling the /logs/ and /stats/ actions on a routine they do not own. The vulnerability exists in RoutineViewSet (wger/manager/api/views.py). The view defines two custom actions /logs/ and /stats/ that are intended to return data for the requesting user's own training history within a routine. However, the underlying permission check (RoutinePermission.has_object_permission) grants read access to any authenticated user when the routine has is_template=True, regardless of ownership. When the /logs/ or /stats/ actions are invoked against a routine the attacker does not own, they return the owner's private workout history, not the attacker's. This issue has been fixed in version 2.6.

Action-Not Available
Vendor-wger-project
Product-wger
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-54839
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.80%
||
7 Day CHG~0.00%
Published-26 Jun, 2026 | 14:52
Updated-26 Jun, 2026 | 18:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Trinity Backup – Backup, Migrate, Restore, Clone & Schedule Backups plugin <= 2.0.9 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in Trinity Backup &#8211; Backup, Migrate, Restore, Clone &amp; Schedule Backups <= 2.0.9 versions.

Action-Not Available
Vendor-kingaddons
Product-Trinity Backup &#8211; Backup, Migrate, Restore, Clone &amp; Schedule Backups
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-52799
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.42% / 34.29%
||
7 Day CHG~0.00%
Published-24 Jun, 2026 | 20:19
Updated-25 Jun, 2026 | 14:19
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Gogs: Missing Authorization in Attachment Download

Gogs is an open source self-hosted Git service. Prior to 0.14.3, GET /attachments/:uuid returns the raw attachment file without verifying whether the requester has view permission for the associated Issue/Comment/Release or the repository. In a test environment with REQUIRE_SIGNIN_VIEW = false, we confirmed that an unauthenticated user can download attachments belonging to a private repository. This vulnerability is fixed in 0.14.3.

Action-Not Available
Vendor-gogs
Product-gogs
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2026-52699
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.23% / 13.80%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:19
Updated-16 Jun, 2026 | 01:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress VikRentCar plugin <= 1.4.5 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in VikRentCar <= 1.4.5 versions.

Action-Not Available
Vendor-e4jvikwp
Product-VikRentCar
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-20599
Matching Score-4
Assigner-Mitsubishi Electric Corporation
ShareView Details
Matching Score-4
Assigner-Mitsubishi Electric Corporation
CVSS Score-9.1||CRITICAL
EPSS-1.30% / 67.28%
||
7 Day CHG~0.00%
Published-14 Oct, 2021 | 00:00
Updated-03 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Cleartext Transmission of Sensitive InformationCleartext transmission of sensitive information vulnerability in MELSEC iQ-R series Safety CPU R08/16/32/120SFCPU firmware versions "26" and prior and MELSEC iQ-R series SIL2 Process CPU R08/16/32/120PSFCPU firmware versions "11" and prior allows a remote unauthenticated attacker to login to a target CPU module by obtaining credentials other than password.

Action-Not Available
Vendor-Mitsubishi Electric Corporation
Product-r08sfcpur120psfcpur08sfcpu_firmwarer32psfcpu_firmwarer120psfcpu_firmwarer16sfcpu_firmwarer32sfcpu_firmwarer32sfcpur08psfcpu_firmwarer16psfcpur08psfcpur120sfcpur16sfcpur32psfcpur120sfcpu_firmwarer16psfcpu_firmwareMELSEC iQ-R series SIL2 Process CPU R32PSFCPUMELSEC iQ-R Series SIL2 Process CPU R08PSFCPUMELSEC iQ-R series SIL2 Process CPU R16PSFCPUMELSEC iQ-R series Safety CPU R120SFCPUMELSEC iQ-R series Safety CPU R32SFCPUMELSEC iQ-R series Safety CPU R16SFCPUMELSEC iQ-R Series Safety CPU R08SFCPUMELSEC iQ-R series SIL2 Process CPU R120PSFCPUr120psfcpur32sfcpur120sfcpur16sfcpur32psfcpur16psfcpur08psfcpumelsec_iq-r08sfcpu
CWE ID-CWE-319
Cleartext Transmission of Sensitive Information
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-48872
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.80%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:18
Updated-16 Jun, 2026 | 13:43
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress EmbedPress plugin <= 4.5.2 - Sensitive Data Exposure vulnerability

Unauthenticated Sensitive Data Exposure in EmbedPress <= 4.5.2 versions.

Action-Not Available
Vendor-WPDeveloper
Product-EmbedPress
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-48868
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.28% / 19.81%
||
7 Day CHG~0.00%
Published-15 Jun, 2026 | 20:18
Updated-16 Jun, 2026 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Simple Shopping Cart plugin <= 5.2.9 - Insecure Direct Object References (IDOR) vulnerability

Unauthenticated Insecure Direct Object References (IDOR) in Simple Shopping Cart <= 5.2.9 versions.

Action-Not Available
Vendor-mra13 / Team Tips and Tricks HQ
Product-Simple Shopping Cart
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2020-36895
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.64% / 46.65%
||
7 Day CHG~0.00%
Published-10 Dec, 2025 | 20:54
Updated-17 Dec, 2025 | 19:22
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
EIBIZ i-Media Server Digital Signage 3.8.0 Unauthenticated Configuration Disclosure

EIBIZ i-Media Server Digital Signage 3.8.0 contains an unauthenticated configuration disclosure vulnerability that allows remote attackers to access sensitive configuration files via direct object reference. Attackers can retrieve the SiteConfig.properties file through an HTTP GET request, exposing administrative credentials, database connection details, and system configuration information.

Action-Not Available
Vendor-eibizEIBIZ Co.,Ltd.
Product-i-media_server_digital_signagei-Media Server Digital Signage
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-14844
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-8.2||HIGH
EPSS-0.42% / 33.95%
||
7 Day CHG~0.00%
Published-16 Jan, 2026 | 09:23
Updated-08 Apr, 2026 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Membership Plugin – Restrict Content <= 3.2.16 - Missing Authentication to Insecure Direct Object Reference and Sensitive Information Exposure

The Membership Plugin – Restrict Content plugin for WordPress is vulnerable to Missing Authentication in all versions up to, and including, 3.2.16 via the 'rcp_stripe_create_setup_intent_for_saved_card' function due to missing capability check. Additionally, the plugin does not check a user-controlled key, which makes it possible for unauthenticated attackers to leak Stripe SetupIntent client_secret values for any membership.

Action-Not Available
Vendor-The Events Calendar (StellarWP)Liquid Web, LLC
Product-restrict_contentMembership Plugin – Restrict Content
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2020-35849
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.60% / 73.06%
||
7 Day CHG~0.00%
Published-30 Dec, 2020 | 18:04
Updated-04 Aug, 2024 | 17:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in MantisBT before 2.24.4. An incorrect access check in bug_revision_view_page.php allows an unprivileged attacker to view the Summary field of private issues, as well as bugnotes revisions, gaining access to potentially confidential information via the bugnote_id parameter.

Action-Not Available
Vendor-n/aMantis Bug Tracker (MantisBT)
Product-mantisbtn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-42736
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.25% / 15.86%
||
7 Day CHG~0.00%
Published-27 May, 2026 | 09:49
Updated-27 May, 2026 | 11:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress BP Better Messages plugin <= 2.14.16 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in wordplus BP Better Messages bp-better-messages allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects BP Better Messages: from n/a through <= 2.14.16.

Action-Not Available
Vendor-wordplus
Product-BP Better Messages
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-41949
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.2||HIGH
EPSS-0.43% / 35.25%
||
7 Day CHG~0.00%
Published-18 May, 2026 | 13:52
Updated-14 Jul, 2026 | 20:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dify < 1.14.2 Authorization Bypass via File Preview Endpoint

Dify before version 1.14.2 contains an authorization bypass vulnerability in the file preview endpoint that allows any authenticated user to read up to 3,000 characters of any uploaded document across all tenants and workspaces using only the file's UUID. Attackers can access the /console/api/files/{file_id}/preview endpoint with an intercepted file UUID to extract sensitive content from documents without ownership or workspace permission verification. NOTE: Dify Cloud allows unauthenticated free self-registration, making account creation trivially accessible to any attacker.

Action-Not Available
Vendor-difylanggenius
Product-difydify
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-51066
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.37%
||
7 Day CHG~0.00%
Published-31 Oct, 2024 | 00:00
Updated-05 Jul, 2026 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Insecure Direct Object Reference (IDOR) vulnerability in appointment-detail.php in Phpgurukul's Beauty Parlour Management System v1.1 allows unauthorized access to the Personally Identifiable Information (PII) of other customers.

Action-Not Available
Vendor-n/aPHPGurukul LLP
Product-beauty_parlour_management_systemn/abeauty_parlour_management_system
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-33484
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-5.84% / 92.34%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 12:57
Updated-24 Mar, 2026 | 19:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Langflow has Unauthenticated IDOR on Image Downloads

Langflow is a tool for building and deploying AI-powered agents and workflows. In versions 1.0.0 through 1.8.1, the `/api/v1/files/images/{flow_id}/{file_name}` endpoint serves image files without any authentication or ownership check. Any unauthenticated request with a known flow_id and file_name returns the image with HTTP 200. In a multi-tenant deployment, any attacker who can discover or guess a `flow_id` (UUIDs can be leaked through other API responses) can download any user's uploaded images without credentials. Version 1.9.0 contains a patch.

Action-Not Available
Vendor-langflowlangflow-ai
Product-langflowlangflow
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2022-41479
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.10% / 61.98%
||
7 Day CHG~0.00%
Published-18 Oct, 2022 | 00:00
Updated-15 May, 2025 | 16:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. This leads to an Insecure Direct Object References (IDOR) vulnerability which allows attackers to access the application source code. NOTE: the vendor disputes this because the retrieved source code is only the DevExpress client-side application code that is, of course, intentionally readable by web browsers (a site's custom code and data is never accessible via an IDOR approach).

Action-Not Available
Vendor-devexpressn/a
Product-asp.net_web_forms_controlsn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-47047
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.48% / 38.57%
||
7 Day CHG~0.00%
Published-17 Sep, 2024 | 00:00
Updated-17 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the powermail extension through 12.4.0 for TYPO3. It fails to validate the mail parameter of the createAction, resulting in Insecure Direct Object Reference (IDOR) in some configurations. An unauthenticated attacker can use this to display user-submitted data of all forms persisted by the extension. The fixed versions are 7.5.1, 8.5.1, 10.9.1, and 12.4.1.

Action-Not Available
Vendor-in2coden/a
Product-powermailn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-46937
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-9.1||CRITICAL
EPSS-0.50% / 39.16%
||
7 Day CHG~0.00%
Published-16 Sep, 2024 | 00:00
Updated-24 Oct, 2024 | 17:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers gain access to user tokens without authentication. The is a brute-force attack on the serial parameter by number identifier: GA00001, GA00002, GA00003, etc.

Action-Not Available
Vendor-mfasoftn/amfasoft
Product-secure_authentication_servern/asecure_authentication_server
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-4464
Matching Score-4
Assigner-Synology Inc.
ShareView Details
Matching Score-4
Assigner-Synology Inc.
CVSS Score-7.5||HIGH
EPSS-0.55% / 42.22%
||
7 Day CHG+0.01%
Published-18 Dec, 2024 | 06:00
Updated-29 Jan, 2026 | 17:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Authorization bypass through user-controlled key vulnerability in streaming service in Synology Media Server before 1.4-2680, 2.0.5-3152 and 2.2.0-3325 allows remote attackers to read specific files via unspecified vectors.

Action-Not Available
Vendor-Synology, Inc.
Product-media_serverMedia Server
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-46585
Matching Score-4
Assigner-Apache Software Foundation
ShareView Details
Matching Score-4
Assigner-Apache Software Foundation
CVSS Score-7.5||HIGH
EPSS-0.40% / 32.17%
||
7 Day CHG~0.00%
Published-06 Jul, 2026 | 08:03
Updated-08 Jul, 2026 | 15:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Apache Camel Lucene: The query control headers used non-Camel-prefixed names (QUERY, RETURN_LUCENE_DOCS) that bypass the HTTP header filter, allowing an HTTP client to inject the full-text search query

Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Apache Camel Lucene Component. The camel-lucene producer reads the search phrase from an Exchange header (LuceneConstants.HEADER_QUERY) whose value was the plain string QUERY (and RETURN_LUCENE_DOCS for HEADER_RETURN_LUCENE_DOCS). Because these names do not start with the Camel / camel prefix, HttpHeaderFilterStrategy - which blocks only the Camel header namespace on the HTTP boundary - let them pass from an inbound HTTP request straight into the Exchange. In a route that exposes a Lucene query operation behind an HTTP consumer (for example platform-http), any HTTP client could therefore set the QUERY header and have its value executed against the full-text index, overriding the query the route intended to run. Depending on what is indexed, this allows reading documents the request should not have access to (for example a match-all query returns the entire index, or the route's intended per-user filter can be replaced), and expensive regular-expression queries can consume significant CPU. No credentials are required when the HTTP consumer is unauthenticated. This issue affects Apache Camel: from 4.0.0 before 4.14.8, from 4.15.0 before 4.18.3, from 4.19.0 before 4.21.0. Users are recommended to upgrade to version 4.21.0, which fixes the issue. If users are on the 4.14.x LTS releases stream, then they are suggested to upgrade to 4.14.8. If users are on the 4.18.x releases stream, then they are suggested to upgrade to 4.18.3. After upgrading, routes that set the query via the raw header name must use CamelLuceneQuery (and CamelLuceneReturnLuceneDocs) instead of QUERY / RETURN_LUCENE_DOCS. For deployments that cannot upgrade immediately, strip the attacker-controllable headers before the Lucene producer and set the query from a trusted source (for example removeHeader('QUERY') and removeHeader('RETURN_LUCENE_DOCS'), then setHeader('QUERY', constant(...)) at the start of the route).

Action-Not Available
Vendor-The Apache Software Foundation
Product-camelApache Camel Lucene
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-43438
Matching Score-4
Assigner-Fedora Project
ShareView Details
Matching Score-4
Assigner-Fedora Project
CVSS Score-7.5||HIGH
EPSS-0.52% / 40.60%
||
7 Day CHG~0.00%
Published-07 Nov, 2024 | 13:31
Updated-05 Aug, 2025 | 18:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Moodle: idor in feedback non-respondents report allows messaging arbitrary site users

A flaw was found in Feedback. Bulk messaging in the activity's non-respondents report did not verify message recipients belonging to the set of users returned by the report.

Action-Not Available
Vendor-Moodle Pty Ltd
Product-moodlemoodle
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-42422
Matching Score-4
Assigner-Dell
ShareView Details
Matching Score-4
Assigner-Dell
CVSS Score-8.3||HIGH
EPSS-0.29% / 20.76%
||
7 Day CHG~0.00%
Published-03 Dec, 2024 | 12:15
Updated-03 Feb, 2025 | 14:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Dell NetWorker, version(s) 19.10, contain(s) an Authorization Bypass Through User-Controlled Key vulnerability. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to Information disclosure.

Action-Not Available
Vendor-Dell Inc.
Product-networkerNetWorkernetworker
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-30230
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.2||HIGH
EPSS-0.38% / 29.82%
||
7 Day CHG~0.00%
Published-06 Mar, 2026 | 21:09
Updated-09 Apr, 2026 | 20:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Flare: Password‑Protected Thumbnail Bypass

Flare is a Next.js-based, self-hostable file sharing platform that integrates with screenshot tools. Prior to version 1.7.2, the thumbnail endpoint does not validate the password for password‑protected files. It checks ownership/admin for private files but skips password verification, allowing thumbnail access without the password. This issue has been patched in version 1.7.2.

Action-Not Available
Vendor-flintshFlintSH
Product-flareFlare
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2020-20183
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.00% / 58.98%
||
7 Day CHG~0.00%
Published-14 Dec, 2020 | 19:42
Updated-04 Aug, 2024 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Insecure direct object reference vulnerability in Zyxel’s P1302-T10 v3 with firmware version 2.00(ABBX.3) and earlier allows attackers to gain privileges and access certain admin pages.

Action-Not Available
Vendor-n/aZyxel Networks Corporation
Product-p1302-t10_v3p1302-t10_v3_firmwaren/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-43315
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.43% / 34.93%
||
7 Day CHG~0.00%
Published-18 Aug, 2024 | 21:32
Updated-28 Apr, 2026 | 16:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Stripe Payments For WooCommerce plugin <= 1.9.1 - Insecure Direct Object References (IDOR) vulnerability

Authorization Bypass Through User-Controlled Key vulnerability in Checkout Plugins Stripe Payments For WooCommerce by Checkout.This issue affects Stripe Payments For WooCommerce by Checkout: from n/a through 1.9.1.

Action-Not Available
Vendor-Checkout Pluginscheckoutplugins
Product-Stripe Payments For WooCommerce by Checkoutstripe_payments_for_woocommerce
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-4794
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.80% / 52.37%
||
7 Day CHG~0.00%
Published-30 Jan, 2023 | 20:31
Updated-28 Mar, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
AAWP < 3.12.3 - Unsafe URL Handling

The AAWP WordPress plugin before 3.12.3 can be used to abuse trusted domains to load malware or other files through it (Reflected File Download) to bypass firewall rules in companies.

Action-Not Available
Vendor-getaawpUnknown
Product-amazon_affiliate_wordpress_pluginAAWP
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-10024
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.59%
||
7 Day CHG~0.00%
Published-22 Jan, 2026 | 11:45
Updated-05 Jun, 2026 | 12:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in EXERT Computer Technologies' Education Management System

Authorization Bypass Through User-Controlled Key vulnerability in EXERT Computer Technologies Software Ltd. Co. Education Management System allows Parameter Injection. This issue affects Education Management System: through 23.09.2025.

Action-Not Available
Vendor-EXERT Computer Technologies Software Ltd. Co.
Product-Education Management System
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-28696
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.45% / 36.14%
||
7 Day CHG~0.00%
Published-04 Mar, 2026 | 16:21
Updated-05 Mar, 2026 | 19:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Craft affected by IDOR via GraphQL @parseRefs

Craft is a content management system (CMS). Prior to 4.17.0-beta.1 and 5.9.0-beta.1, the GraphQL directive @parseRefs, intended to parse internal reference tags (e.g., {user:1:email}), can be abused by both authenticated users and unauthenticated guests (if a Public Schema is enabled) to access sensitive attributes of any element in the CMS. The implementation in Elements::parseRefs fails to perform authorization checks, allowing attackers to read data they are not authorized to view. This vulnerability is fixed in 4.17.0-beta.1 and 5.9.0-beta.1.

Action-Not Available
Vendor-craftcmscraftcms
Product-craft_cmscms
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-1031
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-7.5||HIGH
EPSS-0.26% / 17.64%
||
7 Day CHG~0.00%
Published-18 Dec, 2025 | 14:27
Updated-06 Jun, 2026 | 08:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Utarit Informatics' SoliClub

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7.

Action-Not Available
Vendor-utaritUtarit Informatics Services Inc.
Product-soliclubSoliClub
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-40981
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-7.5||HIGH
EPSS-0.43% / 35.27%
||
7 Day CHG~0.00%
Published-07 May, 2026 | 03:55
Updated-15 Jul, 2026 | 02:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

When using Google Secrets Manager as a backend for the Spring Cloud Config server a client can craft a request to the config server potentially exposing secrets from unintended GCP projects. Spring Cloud Config 3.1.x: affected from 3.1.0 through 3.1.13 (inclusive); upgrade to 3.1.14 or greater (Enterprise Support Only). Spring Cloud Config 4.1.x: affected from 4.1.0 through 4.1.9 (inclusive); upgrade to 4.1.10 or greater (Enterprise Support Only). Spring Cloud Config 4.2.x: affected from 4.2.0 through 4.2.6 (inclusive); upgrade to 4.2.7 or greater (Enterprise Support Only). Spring Cloud Config 4.3.x: affected from 4.3.0 through 4.3.2 (inclusive); upgrade to 4.3.3 or greater. Spring Cloud Config 5.0.x: affected from 5.0.0 through 5.0.2 (inclusive); upgrade to 5.0.3 or greater.

Action-Not Available
Vendor-VMware (Broadcom Inc.)Red Hat, Inc.
Product-spring_cloud_configSpring Cloud ConfigRed Hat JBoss Enterprise Application Platform Expansion PackRed Hat Enterprise Linux 8
CWE ID-CWE-1220
Insufficient Granularity of Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-39018
Matching Score-4
Assigner-The Missing Link Australia (TML)
ShareView Details
Matching Score-4
Assigner-The Missing Link Australia (TML)
CVSS Score-8.2||HIGH
EPSS-0.38% / 30.60%
||
7 Day CHG~0.00%
Published-31 Oct, 2022 | 20:09
Updated-02 May, 2025 | 17:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken access controls on PDFtron data in M-Files Hubshare

Broken access controls on PDFtron data in M-Files Hubshare before 3.3.11.3 allows unauthenticated attackers to access restricted PDF files via a known URL.

Action-Not Available
Vendor-M-Files Oy
Product-hubshareHubshare
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-287
Improper Authentication
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-3846
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.78% / 51.88%
||
7 Day CHG~0.00%
Published-05 Dec, 2022 | 16:51
Updated-23 Apr, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Workreap - Freelance Marketplace and Directory < 2.6.3 - Subscriber+ Private Message Disclosure via IDOR

The Workreap WordPress theme before 2.6.3 has a vulnerability with the notifications feature as it's possible to read any user's notification (employer or freelancer) as the notification ID is brute-forceable.

Action-Not Available
Vendor-amentotechUnknown
Product-workreapWorkreap
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-36539
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-1.25% / 66.02%
||
7 Day CHG~0.00%
Published-07 Sep, 2022 | 16:22
Updated-03 Aug, 2024 | 10:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

WeDayCare B.V Ouderapp before v1.1.22 allows attackers to alter the ID value within intercepted calls to gain access to data of other parents and children.

Action-Not Available
Vendor-eigen\&wijzer_ouderapp_projectn/a
Product-eigen\&wijzer_ouderappn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-34770
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-4.6||MEDIUM
EPSS-0.38% / 30.68%
||
7 Day CHG~0.00%
Published-22 Aug, 2022 | 14:41
Updated-17 Sep, 2024 | 04:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tabit - sensitive information disclosure

Tabit - sensitive information disclosure. Several APIs on the web system display, without authorization, sensitive information such as health statements, previous bills in a specific restaurant, alcohol consumption and smoking habits. Each of the described API’s, has in its URL one or more MongoDB ID which is not so simple to enumerate. However, they each receive a ‘tiny URL’ in Tabit’s domain, in the form of https://tbit.be/{suffix} with suffix being a 5 characters long string containing numbers, lower- and upper-case letters. It is not so simple to enumerate them all, but really easy to find some that work and lead to a personal endpoint. This is both an example of OWASP: API4 - rate limiting and OWASP: API1 - Broken object level authorization. Furthermore, the redirect URL disclosed the MongoDB IDs discussed above, and we could use them to query other endpoints disclosing more personal information. For example: The URL https://tabitisrael.co.il/online-reservations/health-statement?orgId={org_id}&healthStatementId={health_statement_id} is used to invite friends to fill a health statement before attending the restaurant. We can use the health_statement_id to access the https://tgm-api.tabit.cloud/health-statement/{health_statement_id} API which disclose medical information as well as id number.

Action-Not Available
Vendor-tabitTabit
Product-tabitTabit
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-34775
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
ShareView Details
Matching Score-4
Assigner-Israel National Cyber Directorate (INCD)
CVSS Score-6.3||MEDIUM
EPSS-0.40% / 32.10%
||
7 Day CHG~0.00%
Published-22 Aug, 2022 | 14:42
Updated-17 Sep, 2024 | 04:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Tabit - Excessive data exposure

Tabit - Excessive data exposure. Another endpoint mapped by the tiny url, was one for reservation cancellation, containing the MongoDB ID of the reservation, and organization. This can be used to query the http://tgm-api.tabit.cloud/rsv/management/{reservationId}?organization={orgId} API which returns a lot of data regarding the reservation (OWASP: API3): Name, mail, phone number, the number of visits of the user to this specific restaurant, the money he spent there, the money he spent on alcohol, whether he left a deposit etc. This information can easily be used for a phishing attack.

Action-Not Available
Vendor-tabitTabit
Product-tabitTabit
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2026-27449
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-0.36% / 28.10%
||
7 Day CHG~0.00%
Published-26 Feb, 2026 | 21:51
Updated-03 Mar, 2026 | 01:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Umbraco.Engage.Forms Allows Unauthorized Access to Multiple API Endpoints

Umbraco Engage is a business intelligence platform. A vulnerability has been identified in Umbraco Engage prior to versions 16.2.1 and 17.1.1 where certain API endpoints are exposed without enforcing authentication or authorization checks. The affected endpoints can be accessed directly over the network without requiring a valid session or user credentials. By supplying a user-controlled identifier parameter (e.g., ?id=), an attacker can retrieve sensitive data associated with arbitrary records. Because no access control validation is performed, the endpoints are vulnerable to enumeration attacks, allowing attackers to iterate over identifiers and extract data at scale. An unauthenticated attacker can retrieve sensitive Engage-related data by directly querying the affected API endpoints. The vulnerability allows arbitrary record access through predictable or enumerable identifiers. The confidentiality impact is considered high. No direct integrity or availability impact has been identified. The scope of exposed data depends on the deployment but may include analytics data, tracking data, customer-related information, or other Engage-managed content. The vulnerability affects both v16 and v17. Patches have already been released. Users are advised to update to 16.2.1 or 17.1.1. No known workarounds are available.

Action-Not Available
Vendor-Umbraco A/S (Umbraco)
Product-Umbraco.Engage.Forms
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-306
Missing Authentication for Critical Function
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-3305
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
ShareView Details
Matching Score-4
Assigner-TR-CERT (Computer Emergency Response Team of the Republic of Türkiye)
CVSS Score-8.8||HIGH
EPSS-0.39% / 30.75%
||
7 Day CHG~0.00%
Published-12 Sep, 2024 | 13:03
Updated-03 Jun, 2026 | 16:16
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR in Utarit Information's SoliClub

Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.

Action-Not Available
Vendor-utaritUtarit Informationutarit
Product-soliclubSoliClubsoliclub
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-862
Missing Authorization
CVE-2022-24187
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.74% / 50.62%
||
7 Day CHG~0.00%
Published-28 Nov, 2022 | 00:00
Updated-29 Apr, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. Other end-users user_id and device_id values can be enumerated by incrementing or decrementing id numbers. The impact of this vulnerability allows an attacker to discover sensitive information such as end-user email addresses, and their unique frame_token value of all other Ourphoto App end-users.

Action-Not Available
Vendor-sz-fujian/a
Product-ourphoton/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-2367
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-7.5||HIGH
EPSS-0.99% / 58.45%
||
7 Day CHG+0.03%
Published-08 Aug, 2022 | 13:47
Updated-03 Aug, 2024 | 00:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WSM Downloader <= 1.4.0 - Domain Name Restriction Bypass

The WSM Downloader WordPress plugin through 1.4.0 allows only specific popular websites to download images/files from, this can be bypassed due to the lack of good "link" parameter validation

Action-Not Available
Vendor-wsm_downloader_projectUnknown
Product-wsm_downloaderWSM Downloader
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-39033
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.34% / 26.29%
||
7 Day CHG~0.00%
Published-06 Feb, 2025 | 00:00
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In Newgensoft OmniDocs 11.0_SP1_03_006, Insecure Direct Object Reference (IDOR) in the getuserproperty function allows user's configuration and PII to be stolen.

Action-Not Available
Vendor-n/a
Product-n/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-22190
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.4||HIGH
EPSS-0.92% / 56.37%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 15:50
Updated-16 Sep, 2024 | 22:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Paragon Active Assurance Control Center: Information disclosure vulnerability in crafted URL

An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. A feature was introduced in version 3.1 of the Paragon Active Assurance Control Center which allows users to selective share account data using a unique identifier. Knowing the proper format of the URL and the identifier of an existing object in an application it is possible to get access to that object without being logged in, even if the object is not shared, resulting in the opportunity for malicious exfiltration of user data. Note that the Paragon Active Assurance Control Center SaaS offering is not affected by this issue. This issue affects Juniper Networks Paragon Active Assurance version 3.1.0.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-paragon_active_assurance_control_centerParagon Active Assurance
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-22828
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-2.07% / 79.31%
||
7 Day CHG~0.00%
Published-27 Jan, 2022 | 05:41
Updated-03 Aug, 2024 | 03:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string.

Action-Not Available
Vendor-synametricsn/a
Product-synamann/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2023-38884
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.88% / 54.98%
||
7 Day CHG~0.00%
Published-20 Nov, 2023 | 00:00
Updated-02 Aug, 2024 | 17:54
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An Insecure Direct Object Reference (IDOR) vulnerability in the Community Edition version 9.0 of openSIS Classic allows an unauthenticated remote attacker to access any student's files by visiting '/assets/studentfiles/<studentId>-<filename>'

Action-Not Available
Vendor-os4edn/a
Product-opensisn/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2022-1949
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.39% / 69.29%
||
7 Day CHG~0.00%
Published-01 Jun, 2022 | 15:08
Updated-13 Dec, 2024 | 18:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An access control bypass vulnerability found in 389-ds-base. That mishandling of the filter that would yield incorrect results, but as that has progressed, can be determined that it actually is an access control bypass. This may allow any remote unauthenticated user to issue a filter that allows searching for database items they do not have access to, including but not limited to potentially userPassword hashes and other sensitive data.

Action-Not Available
Vendor-n/aRed Hat, Inc.Fedora Project
Product-enterprise_linux389_directory_serverfedoradirectory_server389-ds-base
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2020-13700
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-13.46% / 96.01%
||
7 Day CHG~0.00%
Published-24 Jun, 2020 | 14:25
Updated-04 Aug, 2024 | 12:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in the acf-to-rest-api plugin through 3.1.0 for WordPress. It allows an insecure direct object reference via permalinks manipulation, as demonstrated by a wp-json/acf/v3/options/ request that reads sensitive information in the wp_options table, such as the login and pass values.

Action-Not Available
Vendor-acf_to_rest_api_projectn/a
Product-acf_to_rest_apin/a
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2024-4537
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.5||HIGH
EPSS-0.66% / 47.49%
||
7 Day CHG~0.00%
Published-07 May, 2024 | 11:35
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IDOR vulnerability in Janto Ticketing Software

IDOR vulnerability in Janto Ticketing Software affecting version 4.3r10. This vulnerability could allow a remote user to obtain the download URL of another user to obtain the purchased ticket.

Action-Not Available
Vendor-Improntaimpronta
Product-Janto Ticketing Softwarejanto_ticketing_system
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2025-12270
Matching Score-4
Assigner-VulDB
ShareView Details
Matching Score-4
Assigner-VulDB
CVSS Score-5.3||MEDIUM
EPSS-0.37% / 29.07%
||
7 Day CHG~0.00%
Published-27 Oct, 2025 | 12:02
Updated-31 Oct, 2025 | 20:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LearnHouse Student Assignment Submission sub_file resource injection

A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper control of resource identifiers. The attack can be initiated remotely. The exploit has been publicly disclosed and may be utilized. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. The vendor was contacted early about this disclosure but did not respond in any way.

Action-Not Available
Vendor-learnhousen/a
Product-learnhouseLearnHouse
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-99
Improper Control of Resource Identifiers ('Resource Injection')
CVE-2021-43957
Matching Score-4
Assigner-Atlassian
ShareView Details
Matching Score-4
Assigner-Atlassian
CVSS Score-7.5||HIGH
EPSS-1.27% / 66.65%
||
7 Day CHG+0.03%
Published-16 Mar, 2022 | 00:55
Updated-07 Oct, 2024 | 19:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of url decoding. The affected versions are before version 4.8.9.

Action-Not Available
Vendor-Atlassian
Product-fisheyecrucibleFisheyeCruciblefisheyecrucible
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CVE-2021-43828
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.5||HIGH
EPSS-1.37% / 68.86%
||
7 Day CHG~0.00%
Published-14 Dec, 2021 | 19:20
Updated-04 Aug, 2024 | 04:10
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Privilege Management in Patrowl

PatrOwl is a free and open-source solution for orchestrating Security Operations. In versions prior to 1.77 an improper privilege management (IDOR) has been found in PatrowlManager. All imports findings file is placed under /media/imports/<owner_id>/<tmp_file> In that, owner_id is predictable and tmp_file is in format of import_<ownder_id>_<time_created>, for example: import_1_1639213059582.json This filename is predictable and allows anyone without logging in to download all finding import files This vulnerability is capable of allowing unlogged in users to download all finding imports file. Users are advised to update to 1.7.7 as soon as possible. There are no known workarounds.

Action-Not Available
Vendor-patrowlPatrowl
Product-patrowlmanagerPatrowlManager
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found