CVEs classified under CWE-566, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (5)
CVE-2025-9953 — CVSS 9.8 (critical): Authorization Bypass Through User-Controlled SQL Primary Key vulnerability in DATABASE Software Training Consulting Ltd. Databank…
CVE-2014-0808 — CVSS 9.1 (critical): Authorization bypass through user-controlled key issue exists in EC-CUBE 2.11.0 through 2.12.2 and EC-Orange systems deployed before June…
CVE-2025-56556 — CVSS 3.8 (low): An issue was discovered in Subrion CMS 4.2.1, allowing authenticated adminitrators or moderators with access to the built-in Run SQL Query…
CVE-2025-30369 — CVSS 2.7 (low): Zulip is an open-source team collaboration tool. The API for deleting an organization custom profile field is supposed to be restricted to…
CVE-2025-30368 — CVSS 2.7 (low): Zulip is an open-source team collaboration tool. The API for deleting an organization export is supposed to be restricted to organization…