Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,722)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2026-1733 1Crmeb 1Crmeb Apr 29, 2026 Feb 1, 2026 2.1 LOW· v4 4.3 MEDIUM· v3 4.0 MEDIUM· v2 A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper au...Show more A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The attack can be initiated remotely. The exploit is publicly available and might be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2026-1251 - - Feb 3, 2026 Jan 31, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'add_reply' function due to missing...Show more The SupportCandy – Helpdesk & Customer Support Ticket System plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.4.4 via the 'add_reply' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with subscriber-level access and above, to steal file attachments uploaded by other users by specifying arbitrary attachment IDs in the 'description_attachments' parameter, re-associating those files to their own tickets and removing access from the original owners.Show less
CVE-2025-36365 1Ibm 1Db2 Feb 5, 2026 Jan 30, 2026 N/A· v4 7.5 HIGH· v3 N/A· v2 IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthor...Show more IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 11.5.0 - 11.5.9 and 12.1.0 - 12.1.3 under specific configuration of cataloged remote storage aliases could allow an authenticated user to execute unauthorized commands due to an authorization bypass vulnerability using a user-controlled key.Show less
CVE-2020-37008 - - Jan 29, 2026 Jan 29, 2026 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by inj...Show more EasyPMS 1.0.0 contains an authentication bypass vulnerability that allows unprivileged users to manipulate SQL queries in JSON requests to access admin user information. Attackers can exploit weak input validation by injecting single quotes in ID parameters and modify admin user passwords without proper token authentication.Show less
CVE-2025-7013 1Qrmenumpro 1Menu Panel Mar 9, 2026 Jan 29, 2026 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026. NOTE: The vendor w...Show more Authorization Bypass Through User-Controlled Key vulnerability in QR Menu Pro Smart Menu Systems Menu Panel allows Exploitation of Trusted Identifiers.This issue affects Menu Panel: through 29012026. NOTE: The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-65887 1Oneflow 1Oneflow Feb 28, 2026 Jan 28, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 A division-by-zero vulnerability in the flow.floor_divide() component of OneFlow v0.9.0 allows attackers to cause a Denial of Service (DoS) via a crafted input tensor with zero.
CVE-2026-1389 - - Apr 8, 2026 Jan 28, 2026 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying...Show more The Document Embedder – Embed PDFs, Word, Excel, and Other Files plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.4. This is due to the plugin not verifying that a user has permission to access the requested resource in the 'bplde_save_document_library', 'bplde_get_single', and 'bplde_delete_document_library' AJAX actions. This makes it possible for authenticated attackers, with Author-level access and above, to read, modify, and delete Document Library entries created by other users, including administrators, via the 'id' parameter.Show less
CVE-2026-24134 1Studiocms 1Studiocms Mar 17, 2026 Jan 28, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allow...Show more StudioCMS is a server-side-rendered, Astro native, headless content management system. Versions prior to 0.2.0 contain a Broken Object Level Authorization (BOLA) vulnerability in the Content Management feature that allows users with the "Visitor" role to access draft content created by Editor/Admin/Owner users. Version 0.2.0 patches the issue.Show less
CVE-2026-1213 1Askbot 1Askbot Apr 14, 2026 Jan 27, 2026 5.3 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.12.2.
CVE-2025-9520 1Tp Link 1Omada Controller Mar 11, 2026 Jan 26, 2026 8.3 HIGH· v4 6.8 MEDIUM· v3 N/A· v2 An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account.
CVE-2025-14459 - - Jan 27, 2026 Jan 26, 2026 N/A· v4 8.5 HIGH· v3 N/A· v2 A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataI...Show more A flaw was found in KubeVirt Containerized Data Importer (CDI). This vulnerability allows a user to clone PersistentVolumeClaims (PVCs) from unauthorized namespaces, resulting in unauthorized access to data via the DataImportCron PVC source mechanism.Show less
CVE-2026-24136 1Saleor 1Saleor Feb 12, 2026 Jan 24, 2026 8.7 HIGH· v4 7.5 HIGH· v3 N/A· v2 Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated acto...Show more Saleor is an e-commerce platform. Versions 3.2.0 through 3.20.109, 3.21.0-a.0 through 3.21.44 and 3.22.0-a.0 through 3.22.28 have a n Insecure Direct Object Reference (IDOR) vulnerability that allows unauthenticated actors to extract sensitive information in plain text. Orders created before Saleor 3.2.0 could have PIIs exfiltrated. The issue has been patched in Saleor versions: 3.22.29, 3.21.45, and 3.20.110. To workaround, temporarily block non-staff users from fetching order information (the order() GraphQL query) using a WAF.Show less
CVE-2026-24634 - - Jan 26, 2026 Jan 23, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews:...Show more Authorization Bypass Through User-Controlled Key vulnerability in Rustaurius Ultimate Reviews ultimate-reviews allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ultimate Reviews: from n/a through <= 3.2.16.Show less
CVE-2026-24631 - - Apr 28, 2026 Jan 23, 2026 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Mikado-Themes Rosebud rosebud allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Rosebud: from n/a through <= 1.4.
CVE-2026-24599 - - Jan 26, 2026 Jan 23, 2026 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMo...Show more Authorization Bypass Through User-Controlled Key vulnerability in XLPlugins NextMove Lite woo-thank-you-page-nextmove-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects NextMove Lite: from n/a through <= 2.23.0.Show less
CVE-2026-20912 1Gitea 1Gitea Jan 29, 2026 Jan 22, 2026 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making...Show more Gitea does not properly validate repository ownership when linking attachments to releases. An attachment uploaded to a private repository could potentially be linked to a release in a different public repository, making it accessible to unauthorized users.Show less
CVE-2026-20904 1Gitea 1Gitea Jan 29, 2026 Jan 22, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Gitea does not properly validate ownership when toggling OpenID URI visibility. An authenticated user may be able to change the visibility settings of other users' OpenID identities.
CVE-2026-20897 1Gitea 1Gitea Jan 29, 2026 Jan 22, 2026 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Gitea does not properly validate repository ownership when deleting Git LFS locks. A user with write access to one repository may be able to delete LFS locks belonging to other repositories.
CVE-2026-1201 - - Jan 29, 2026 Jan 22, 2026 9.4 CRITICAL· v4 N/A· v3 N/A· v2 An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside o...Show more An Authorization Bypass Through User-Controlled Key vulnerability in Hubitat Elevation home automation controllers prior to version 2.4.2.157 could allow a remote authenticated user to control connected devices outside of their authorized scope via client-side request manipulation.Show less
CVE-2026-24379 - - Apr 28, 2026 Jan 22, 2026 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a...Show more Authorization Bypass Through User-Controlled Key vulnerability in wpjobportal WP Job Portal wp-job-portal allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Job Portal: from n/a through <= 2.4.3.Show less

Previous 1...232425...87 Next