Authorization Bypass Through User-Controlled Key

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

CVEs (1,770)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2025-24850 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An attacker can export other users' plant information.
CVE-2025-24315 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated attackers can add devices of other users to their scenes (or arbitrary scenes of other arbitrary users).
CVE-2025-31949 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An authenticated attacker can obtain any plant name by knowing the plant ID.
CVE-2025-31941 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attacker can obtain a list of smart devices by knowing a valid username.
CVE-2025-31933 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attacker can check the existence of usernames in the system by querying an API.
CVE-2025-31357 1Growatt 1Cloud Portal Nov 14, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attacker can obtain a user's plant list by knowing the username.
CVE-2025-30514 1Growatt 1Cloud Portal Nov 12, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "scenes").
CVE-2025-30254 1Growatt 1Cloud Portal Nov 12, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attacker can obtain a serial number of a smart meter(s) using its owner's username.
CVE-2025-27939 1Growatt 1Cloud Portal Nov 12, 2025 Apr 15, 2025 6.9 MEDIUM· v4 7.5 HIGH· v3 N/A· v2 An attacker can change registered email addresses of other users and take over arbitrary accounts.
CVE-2025-27938 1Growatt 1Cloud Portal Nov 12, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 Unauthenticated attackers can obtain restricted information about a user's smart device collections (i.e., "rooms").
CVE-2025-27568 1Growatt 1Cloud Portal Nov 12, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attacker can get users' emails by knowing usernames. A password reset email will be sent in response to this unsolicited request.
CVE-2025-24487 1Growatt 1Cloud Portal Nov 12, 2025 Apr 15, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 N/A· v2 An unauthenticated attacker can infer the existence of usernames in the system by querying an API.
CVE-2025-3575 - - Apr 15, 2025 Apr 15, 2025 8.7 HIGH· v4 N/A· v3 N/A· v2 Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" e...Show more Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/establecerUsuarioSeleccion" endpoint.Show less
CVE-2025-3574 - - Apr 15, 2025 Apr 15, 2025 8.7 HIGH· v4 N/A· v3 N/A· v2 Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoi...Show more Insecure Direct Object Reference vulnerability in Deporsite from T-INNOVA allows an attacker to retrieve sensitive information from others users via "idUsuario" parameter in "/helper/Familia/obtenerFamiliaUsuario" endpoint.Show less
CVE-2025-3537 1Tutorials Website 1Employee Management System Jun 5, 2025 Apr 13, 2025 6.9 MEDIUM· v4 5.3 MEDIUM· v3 5.0 MEDIUM· v2 A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID lead...Show more A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-3536 1Tutorials Website 1Employee Management System Jun 5, 2025 Apr 13, 2025 6.9 MEDIUM· v4 6.5 MEDIUM· v3 6.4 MEDIUM· v2 A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the a...Show more A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper authorization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.Show less
CVE-2025-3292 1Wpeverest 1User Registration & Membership Jul 8, 2025 Apr 12, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_...Show more The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_update_profile_details() due to missing validation on the 'user_id' user controlled key. This makes it possible for unauthenticated attackers to update other user's passwords, if they have access to the user ID and email.Show less
CVE-2025-3282 1Wpeverest 1User Registration & Membership Jul 8, 2025 Apr 12, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_...Show more The User Registration & Membership – Custom Registration Form, Login Form, and User Profile plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.3 via the user_registration_membership_register_member() due to missing validation on the 'membership_id' user controlled key. This makes it possible for unauthenticated attackers to update any user's membership to any other active or non-active membership type.Show less
CVE-2025-32373 1Dnnsoftware 1Dotnetnuke Aug 26, 2025 Apr 9, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal fil...Show more DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. In limited configurations, registered users may be able to craft a request to enumerate/access some portal files they should not have access to. This vulnerability is fixed in 9.13.8.Show less
CVE-2025-2526 - - Apr 8, 2025 Apr 8, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updati...Show more The Streamit theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.2. This is due to the plugin not properly validating a user's identity prior to updating their details like email in the 'st_Authentication_Controller::edit_profile' function. This makes it possible for unauthenticated attackers to change arbitrary user's email addresses, including administrators, and leverage that to reset the user's password and gain access to their account.Show less

Previous 1...454647...89 Next