authorization-bypass 9

• GraphQL Role Parameter Abuse Leads to Restricted Medical Note Disclosure | Clearance Jun 3, 2026
• IDOR – Unauthorized Grant Approval via Workflow Manipulation | Briarcliff Foundation Jun 1, 2026
• Next.js Middleware Authorization Bypass (CVE-2025-29927) | BugVault Jun 1, 2026
• IDOR via WebSocket Subscription – Cross-Order Data Exposure | JoyStick May 16, 2026
• IDOR via Sequential Order IDs | Cheesy Does It May 11, 2026
• Broken Access Control – Admin Access Token Brute Force Leads to Unauthorized Admin Access | Gift List Apr 30, 2026
• Broken Access Control – Privilege Escalation via Client-Controlled Cookie | Privilege Escalation via Client-Controlled Cookie Mar 28, 2026
• Broken Access Control – Unprotected Admin Panel via Unpredictable URL Leading to Privilege Escalation | Unprotected Admin Panel Mar 28, 2026
• Broken Access Control – Unprotected Admin Functionality Leading to Privilege Escalation | Unprotected Admin Functionality Mar 28, 2026