CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,575 vulnerabilities with CWE-639
CVE-2022-34621
MEDIUM
Mealie - IDOR
CVSS 6.5
CVE-2022-2824
HIGH
GitHub openemr/openemr <7.0.0.1 - Auth Bypass
CVSS 8.8
CVE-2022-2535
MEDIUM
SearchWP Live Ajax Search <1.6.2 - Info Disclosure
CVSS 5.3
CVE-2022-2730
MEDIUM
Open-emr Openemr < 7.0.0.1 - IDOR
CVSS 6.5
CVE-2022-2367
HIGH
WSM Downloader <1.4.0 - CSRF
CVSS 7.5
CVE-2022-36284
MEDIUM
StoreApps Affiliate For WooCommerce <=4.7.0 - Info Disclosure
CVSS 6.4
CVE-2022-2499
LOW
Gitlab < 15.0.5 - IDOR
CVSS 3.5
CVE-2022-1600
MEDIUM
Yop-poll Yop Poll < 6.4.3 - IDOR
CVSS 5.3
CVE-2022-34150
HIGH
MiCODUS MV720 - Info Disclosure
CVSS 7.1
CVE-2022-33944
MEDIUM
MiCODUS MV720 - Info Disclosure
CVSS 6.5
CVE-2022-2193
HIGH
HYPR Server <6.14.1 - Code Injection
CVSS 7.5
CVE-2022-1881
MEDIUM
Octopus Server - Info Disclosure
CVSS 5.3
CVE-2022-30852
MEDIUM
Known v1.3.1 - Info Disclosure
CVSS 4.3
CVE-2022-1245
CRITICAL
Redhat Keycloak < 18.0.0 - Missing Authorization
CVSS 9.8
CVE-2022-31131
MEDIUM
Nextcloud mail <1.12.2 - Info Disclosure
CVSS 5.4
CVE-2022-23173
MEDIUM
Priority < 22.0 - IDOR
CVSS 5.5
CVE-2022-2243
MEDIUM
Gitlab < 14.10.5 - IDOR
CVSS 5.0
CVE-2022-31883
HIGH
Marvalglobal Marval Msm - IDOR
CVSS 8.8
CVE-2022-0624
HIGH
GitHub ionicabizau/parse-path <5.0.0 - Auth Bypass
CVSS 7.3
CVE-2022-1614
HIGH
Wp-email < 2.69.0 - IDOR
CVSS 7.5
CVE-2022-31295
HIGH
Online Discussion Forum Site 1 - Info Disclosure
CVSS 7.5
CVE-2022-30760
MEDIUM
ihb eG FlexNow <2.04.09.016 - Info Disclosure
CVSS 4.3
CVE-2022-31027
MEDIUM
JupyterHub - Info Disclosure
CVSS 4.2
CVE-2022-1996
CRITICAL
emicklei/go-restful <3.8.0 - Auth Bypass
CVSS 9.1
CVE-2022-29627
MEDIUM
Online Market Place Site - IDOR
CVSS 4.3
Details
Vulnerabilities: 1,575
Exploit Likelihood: High