8 matches found
CVE-2025-46386
CWE-639 Authorization Bypass Through User-Controlled Key...
CVE-2025-46387
CVE-2025-46387 describes an authorization bypass in Emby MediaBrowser (a media server) via a user-controlled key (CWE-639). The vulnerability is documented across multiple feeds (NVD/NVD-derived, CNVD, ENISA ENISA EUVD, CCTV-like references), consistently noting an authorization bypass mechanism ...
CVE-2024-43239 WordPress Masteriyo LMS plugin <= 1.11.4 - Insecure Direct Object Reference (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through = 1.11.4...
CVE-2024-35659 WordPress KiviCare plugin <= 3.6.6 - Insecure Direct Object References (IDOR) vulnerability
Missing Authorization vulnerability in Iqonic Design KiviCare kivicare-clinic-management-system allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiviCare: from n/a through = 3.6.6...
CVE-2024-31296 WordPress BookingPress plugin <= 1.0.81 - Insecure Direct Object References (IDOR) vulnerability
Authorization Bypass Through User-Controlled Key vulnerability in Repute Infosystems BookingPress.This issue affects BookingPress: from n/a through 1.0.81...
Authorization
An authorization bypass through user-controlled key vulnerability CWE-639 in FortiOS version 7.4.0 through 7.4.1, 7.2.0 through 7.2.6, 7.0.1 through 7.0.13, 6.4.7 through 6.4.14, and FortiProxy version 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 SSL-VPN may allow an authenticat...
CVE-2023-2065 IDOR in Armoli Technology's Cargo Tracking System
Authorization Bypass Through User-Controlled Key vulnerability in Armoli Technology Cargo Tracking System allows Authentication Abuse, Authentication Bypass. This issue affects Cargo Tracking System: before 3558f28...
Authorization
Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15...