broken-access-control (23)
- IDOR in Password Reset API Leads to Administrator Account Takeover | TheForms
- Password Change IDOR Leads to Administrator Account Takeover | Noted
- GraphQL Role Parameter Abuse Leads to Restricted Medical Note Disclosure | Clearance
- Authentication Bypass – Direct Dashboard Access | Pivot HR
- IDOR – Unauthorized Grant Approval via Workflow Manipulation | Briarcliff Foundation
- Privilege Escalation – Unsigned Session Token Tampering | Spindrift Workspace
- Privilege Escalation – Client-Side Role Cookie Tampering | Session Swap
- Privilege Escalation – JWT None Algorithm Abuse | Stargate Atlas
- Mass Assignment – Role Escalation | Salt Brook Pilates
- IDOR – Account Export Data Disclosure | Remittance
- X-Forwarded-For Spoofing – Internal Staff Portal Access Control Bypass | Brackish Brewing Co.
- Missing Access Control – Unrestricted Staff Portal Exposure | Coltsfoot Community Center
- IDOR via Sequential Order IDs | Cheesy Does It
- Broken Access Control – Admin Access Token Brute Force Leads to Unauthorized Admin Access | Gift List
- Broken Access Control – Role Manipulation via User Registration | Tanuki
- IDOR – Unauthorized Access to Shared Notes via Base64 ID Manipulation | BugForge
- Broken Access Control – Unauthorized Stats Modification via HTTP Method Manipulation | BugForge
- Broken Access Control – Credential Leakage to Privilege Escalation | Silver Platter
- IDOR – Password Disclosure via Insecure Direct Object Reference | User ID Controlled by Request Parameter
- IDOR – Unauthorized Access via Predictable Identifier Manipulation | User ID Controlled by Request Parameter
- Broken Access Control – Privilege Escalation via Client-Controlled Cookie | Privilege Escalation via Client-Controlled Cookie
- Broken Access Control – Unprotected Admin Panel via Unpredictable URL Leading to Privilege Escalation | Unprotected Admin Panel
- Broken Access Control – Unprotected Admin Functionality Leading to Privilege Escalation | Unprotected Admin Functionality