154 matches found
CVE-2025-0642
PosCube Assist (PosCube Hardware Software and Consulting Ltd. Co.) is affected up to version 10.02.2025. The issue combines hard-coded credentials with an authorization bypass via user‑controlled keys, enabling authentication bypass and potentially arbitrary access (described as exploitation/ Exc...
CVE-2025-9342
Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc. AHE Mobile allows Privilege Abuse. This issue affects AHE Mobile: from 1.9.7 before 1.9.9...
CVE-2025-9342
CVE-2025-9342 affects Anadolu Hayat Emeklilik AHE Mobile (versions 1.9.7–1.9.8). A user-controlled key allows an authorization bypass, enabling privilege abuse. Public descriptions across multiple feeds confirm the issue and list 1.9.9 as the required fix. Impact details state privilege elevation...
CVE-2025-9342 IDOR in Anadolu Hayat Emeklilik's AHE Mobile
Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc. AHE Mobile allows Privilege Abuse. This issue affects AHE Mobile: from 1.9.7 before 1.9.9...
CVE-2025-57994
Technical details are not publicly available in the provided documents for CVE-2025-57994 (Upcoming Events Lists). Monitor for updates and rely on official advisories for affected versions, impact, and fixes.
CVE-2025-58012 WordPress Content Mask Plugin <= 1.8.5.2 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Alex Content Mask allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Content Mask: from n/a through 1.8.5.2...
CVE-2025-0875 IDOR in Proliz Software's OBS
Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS Student Affairs Information System allows Parameter Injection. This issue affects OBS Student Affairs Information System: before v26.0328...
WordPress plugin Content Mask security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A security vulnerabili...
CVE-2025-8057 IDOR in Patika Global Technologies' HumanSuite
Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client. This issue affects HumanSuite: before 53.21.0...
CVE-2025-10127
Daikin Europe N.V Security Gateway is vulnerable to an authorization bypass through a user-controlled key vulnerability that could allow an attacker to bypass authentication. An unauthorized attacker could access the system without prior credentials...
CVE-2025-7049
CVE-2025-7049 affects the WordPress plugin WPGYM - Wordpress Gym Management System up to version 67.7.0. The vulnerability is a Privilege Escalation via a missing validation on a user-controlled key in the function MJ_gmgt_gmgt_add_user, allowing authenticated users with Subscriber+ privileges ...
CVE-2024-13063
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft MyRezzta allows Forceful Browsing. This issue affects MyRezzta: from s2.02.02 before v2.05.01...
CVE-2025-0640
Authorization Bypass Through User-Controlled Key vulnerability in Akinsoft OctoCloud allows Resource Leak Exposure. This issue affects OctoCloud: from s1.09.02 before v1.11.01...
PT-2025-35550
Name of the Vulnerable Software and Affected Versions: Akinsoft OctoCloud versions s1.09.02 through v1.11.00 Description: An authorization bypass exists due to a user-controlled key, potentially leading to resource leak exposure in Akinsoft OctoCloud. Recommendations: Update Akinsoft OctoCloud to...
Authorization Bypass Through User-Controlled Key
Overview Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key due to a missing check in the AuthRequestRepository, which is exploitable via the "select account" page. An attacker can determine whether specific userIDs exist by observing responses to...
CVE-2025-53208
Authorization Bypass Through User-Controlled Key vulnerability in paymayapg Maya Business paymaya-checkout-for-woocommerce allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Maya Business: from n/a through <= 1.2.0...
WordPress plugin Accessibility Checker by Equalize Digital security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed in the PHP language. WordPress plugin is an application plugin that supports personal blog sites on servers running PHP and MySQL. A security vulnerability exists in WordPress...
CVE-2025-53208
CVE-2025-53208 is a WordPress Maya Business plugin vulnerability affecting versions up to 1.2.0. The connected Red Hat and CVE records describe an authorization bypass through a user-controlled key, enabling an attacker to access functionality not properly constrained by ACLs (Insecure Direct Obj...
PT-2025-33973 · Unknown · Maya Business
Name of the Vulnerable Software and Affected Versions: paymayapg Maya Business versions through 1.2.0 Description: An authorization bypass exists in paymayapg Maya Business due to a user-controlled key. This allows access to functionality not properly constrained by Access Control Lists (ACLs)...
CVE-2025-54691 WordPress Motors Plugin plugin <= 1.4.80 - Insecure Direct Object References (IDOR) Vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Stylemix Motors allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Motors: from n/a through 1.4.80...