CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,574 vulnerabilities with CWE-639
CVE-2024-7041
MEDIUM
Openwebui Open Webui - IDOR
CVSS 6.5
CVE-2024-9554
LOW
Sovell Smart Canteen System <3.0.7303.30513 - Auth Bypass
CVSS 3.7
CVE-2024-47316
MEDIUM
Salon Booking System <10.9 - Auth Bypass
CVSS 4.3
CVE-2024-47657
MEDIUM
Shilpi Net Back Office - Info Disclosure
CVSS 6.5
CVE-2024-20513
MEDIUM
Cisco Meraki MX/Z Series - DoS
CVSS 5.8
CVE-2024-9298
MEDIUM
Oretnom23 Railway Reservation System - Improper Access Control
CVSS 4.3
CVE-2024-39319
MEDIUM
Aimeos Frontend Controller < 2020.10.15 - IDOR
CVSS 5.3
CVE-2024-8290
HIGH
WCFM - Frontend Manager <6.7.12 - Insecure Direct Object Reference
CVSS 8.8
CVE-2024-8485
CRITICAL
WordPress <4.7.1 - Privilege Escalation
CVSS 9.8
CVE-2024-8791
CRITICAL
Charitable < 1.8.1.15 - IDOR
CVSS 9.8
CVE-2024-45806
MEDIUM
Envoy < 1.28.7 - IDOR
CVSS 6.5
CVE-2024-45614
MEDIUM
Puma < 5.6.9 - HTTP Request Smuggling
CVSS 5.4
CVE-2024-46982
HIGH
Vercel Next.js < 13.5.7 - IDOR
CVSS 7.5
CVE-2024-45606
HIGH
Sentry < 24.9.0 - IDOR
CVSS 7.1
CVE-2024-45605
MEDIUM
Sentry < 24.9.0 - IDOR
CVSS 6.5
CVE-2024-47047
HIGH
Powermail <12.4.0 - IDOR
CVSS 7.5
CVE-2024-6685
LOW
GitLab CE/EE <17.1.7-17.3.2 - Info Disclosure
CVSS 3.1
CVE-2024-46937
HIGH
Mfasoft Secure Authentication Server < 1.9.040924 - IDOR
CVSS 7.5
CVE-2024-6087
MEDIUM
Lunary < 1.4.9 - IDOR
CVSS 6.5
CVE-2024-25270
MEDIUM
Mirapolis LMS 4.6.XX - Info Disclosure
CVSS 4.3
CVE-2024-3306
HIGH
SoliClub <4.4.0-5.2.1 - Auth Bypass
CVSS 7.5
CVE-2024-3305
HIGH
SoliClub <4.4.0-5.2.1 - Auth Bypass
CVSS 7.5
CVE-2024-27113
CRITICAL
SO Planning <1.52.02 - IDOR
CVSS 9.8
CVE-2024-45786
MEDIUM
Reedos Aim-star - IDOR
CVSS 6.5
CVE-2024-45032
CRITICAL
Industrial Edge Management Pro/Virtual <V1.9.5-V2.3.1-1 - Auth Bypass
CVSS 10.0
Details
Vulnerabilities: 1,574
Exploit Likelihood: High