Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,729)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-57994 - - Apr 23, 2026 Sep 22, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists upcoming-events-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Upcomi...Show more Authorization Bypass Through User-Controlled Key vulnerability in Sayful Islam Upcoming Events Lists upcoming-events-lists allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Upcoming Events Lists: from n/a through <= 1.4.0.Show less
CVE-2025-0875 - - Feb 11, 2026 Sep 22, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Stude...Show more Authorization Bypass Through User-Controlled Key vulnerability in PROLIZ Computer Software Hardware Service Trade Ltd. Co. OBS (Student Affairs Information System) allows Parameter Injection.This issue affects OBS (Student Affairs Information System): before v26.0328.Show less
CVE-2025-10759 1Webkul 1Qloapps Oct 30, 2025 Sep 21, 2025 5.5 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack...Show more A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The exploit is now public and may be used. The vendor explains: "As We are already aware about this vulnerability and our Internal team are already working on this issue. (...) We'll implement the fix for this vulnerability in our next major release."Show less
CVE-2025-9081 1Mattermost 1Mattermost Server Sep 25, 2025 Sep 19, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Mattermost versions 10.5.x <= 10.5.8, 9.11.x <= 9.11.17 fail to properly validate access controls which allows any authenticated user to download sensitive files via board file download endpoint using UUID enumeration
CVE-2025-43803 1Liferay 2Digital Experience Platform Liferay Portal Dec 16, 2025 Sep 19, 2025 6.9 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 throug...Show more Insecure direct object reference (IDOR) vulnerability in the Contacts Center widget in Liferay Portal 7.4.0 through 7.4.3.119, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote attackers to view contact information, including the contact’s name and email address, via the _com_liferay_contacts_web_portlet_ContactsCenterPortlet_entryId parameter.Show less
CVE-2025-8532 - - Jun 5, 2026 Sep 19, 2025 N/A· v4 6.4 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA...Show more Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166.Show less
CVE-2025-10719 - - Sep 19, 2025 Sep 19, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 Tronclass developed by WisdomGarden has an Insecure Direct object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files.
CVE-2025-5948 - - Sep 19, 2025 Sep 19, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity p...Show more The Service Finder Bookings plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 6.0. This is due to the plugin not properly validating a user's identity prior to claiming a business when using the claim_business AJAX action. This makes it possible for unauthenticated attackers to login as any user including admins. Please note that subscriber privileges or brute-forcing are needed when completing the business takeover. The claim_id is needed to takeover the admin account, but brute-forcing is a practical approach to obtaining valid IDs.Show less
CVE-2025-10493 - - Sep 18, 2025 Sep 18, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. Thi...Show more The Chained Quiz plugin for WordPress is vulnerable to Insecure Direct Object Reference in version 1.3.4 and below via the quiz submission and completion mechanisms due to missing validation on a user controlled key. This makes it possible for unauthenticated attackers to hijack and modify other users' quiz attempts by manipulating the chained_completion_id cookie value, allowing them to alter quiz answers, scores, and results of any user. The vulnerability was partially patched in versions 1.3.4 and 1.3.5.Show less
CVE-2025-8463 - - Jun 5, 2026 Sep 17, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in SecHard Information Technologies SecHard allows Forceful Browsing. This issue affects SecHard: before 3.6.2-20250805.
CVE-2025-8057 - - Jun 5, 2026 Sep 16, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in...Show more Authorization Bypass Through User-Controlled Key, Externally Controlled Reference to a Resource in Another Sphere, Improper Authorization vulnerability in Patika Global Technologies HumanSuite allows Exploiting Trust in Client. This issue affects HumanSuite: before 53.21.0.Show less
CVE-2025-7355 - - Jun 5, 2026 Sep 16, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability in Beefull Energy Technologies Beefull App allows Exploitation of Trusted Identifiers. This issue affects Beefull App: before 24.07.2025.
CVE-2025-5518 - - Jun 5, 2026 Sep 16, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Authorization Bypass Through User-Controlled Key vulnerability with user privileges in ArgusTech BILGER allows Exploitation of Trusted Identifiers. This issue affects BILGER: before 2.4.6.
CVE-2025-43790 1Liferay 2Digital Experience Platform Liferay Portal Dec 16, 2025 Sep 11, 2025 7.4 HIGH· v4 8.1 HIGH· v3 N/A· v2 Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authen...Show more Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.6, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to access, create, edit, relate data/object entries/definitions to an object in a different virtual instance.Show less
CVE-2025-43782 1Liferay 2Digital Experience Platform Liferay Portal Dec 16, 2025 Sep 11, 2025 5.3 MEDIUM· v4 4.3 MEDIUM· v3 N/A· v2 Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authe...Show more Insecure Direct Object Reference (IDOR) vulnerability in Liferay Portal 7.4.0 through 7.4.3.124, and Liferay DXP 2024.Q2.0 through 2024.Q2.7, 2024.Q1.1 through 2024.Q1.12, and 7.4 GA through update 92 allows remote authenticated users to access a workflow definition by name via the APIShow less
CVE-2025-59034 1Cern 1Indico Sep 17, 2025 Sep 10, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details...Show more Indico is an event management system that uses Flask-Multipass, a multi-backend authentication system for Flask. Prior to version 3.3.8, a legacy API to retrieve user details could be misused to retrieve profile details of other users without having admin permissions due to a broken access check. Users should to update to Indico 3.3.8 as soon as possible. As a workaround, it is possible to restrict access to the affected API (e.g. in the webserver config).Show less
CVE-2025-7718 - - Sep 11, 2025 Sep 10, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not prop...Show more The Resideo Plugin for Resideo - Real Estate WordPress Theme plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.5.4. This is due to the plugin not properly validating a user's identity prior to updating their details like email. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.Show less
CVE-2025-7049 - - Sep 11, 2025 Sep 10, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a...Show more The WPGYM - Wordpress Gym Management System plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 67.7.0 via the 'MJ_gmgt_gmgt_add_user' function due to missing validation on a user controlled key. This makes it possible for authenticated attackers, with Subscriber-level access and above, to change the email, password, and other details of any user, including Administrator users.Show less
CVE-2025-52389 - - Sep 9, 2025 Sep 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 An Insecure Direct Object Reference (IDOR) in Envasadora H2O Eireli - Soda Cristal v40.20.4 allows authenticated attackers to access sensitive data for other users via a crafted HTTP request.
CVE-2025-9114 - - Apr 8, 2026 Sep 8, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass author...Show more The Doccure theme for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 1.5.0. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unauthenticated attackers to change user passwords and potentially take over administrator accounts.Show less

Previous 1...363738...87 Next