Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-05-31 | CVE-2025-4691 | The Free Booking Plugin for Hotels, Restaurants and Car Rentals – eaSYNC Booking plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 1.3.21 via the 'view_request_details' due to missing validation on a user controlled key. (network, low complexity, CWE-639) | 5.3 |
| 2025-05-26 | CVE-2025-5181 | Authorization Bypass Through User-Controlled Key vulnerability in Summerpearlgroup Vacation Rental Management Platform. A vulnerability, which was classified as problematic, was found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1. (network, low complexity, summerpearlgroup, CWE-639) | 4.1 |
| 2025-05-26 | CVE-2025-5182 | Authorization Bypass Through User-Controlled Key vulnerability in Summerpearlgroup Vacation Rental Management Platform. A vulnerability has been found in Summer Pearl Group Vacation Rental Management Platform up to 1.0.1 and classified as critical. (network, low complexity, summerpearlgroup, CWE-639) | 7.5 |
| 2025-05-21 | CVE-2025-20114 | A vulnerability in the API of Cisco Unified Intelligence Center could allow an authenticated, remote attacker to perform a horizontal privilege escalation attack on an affected system. This vulnerability is due to insufficient validation of user-supplied parameters in API requests. (network, low complexity, CWE-639) | 4.3 |
| 2025-05-14 | CVE-2025-3769 | The LatePoint – Calendar Booking Plugin for Appointments and Events plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.1.92 via the 'view_booking_summary_in_lightbox' due to missing validation on a user controlled key. (network, low complexity, CWE-639) | 5.3 |
| 2025-05-14 | CVE-2024-8988 | The PeepSo Core: File Uploads plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.4.6.0 via the file_download REST API endpoint due to missing validation on a user controlled key. (network, low complexity, CWE-639) | 5.3 |
| 2025-05-09 | CVE-2025-3605 | The Frontend Login and Registration Blocks plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.7. (network, low complexity, CWE-639) | critical, 9.8 |
| 2025-05-09 | CVE-2025-3810 | Authorization Bypass Through User-Controlled Key vulnerability in Iqonicdesign Wpbookit. The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. (network, low complexity, iqonicdesign, CWE-639) | critical, 9.8 |
| 2025-05-09 | CVE-2025-3811 | Authorization Bypass Through User-Controlled Key vulnerability in Iqonicdesign Wpbookit. The WPBookit plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.0.2. (network, low complexity, iqonicdesign, CWE-639) | critical, 9.8 |
| 2025-05-07 | CVE-2025-20214 | A vulnerability in the Network Configuration Access Control Module (NACM) of Cisco IOS XE Software could allow an authenticated, remote attacker to obtain unauthorized read access to configuration or operational data. This vulnerability exists because a subtle change in inner API call behavior causes results to be filtered incorrectly. (network, low complexity, CWE-639) | 4.3 |