CWE-639
High likelihoodAuthorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,321 vulnerabilities with CWE-639
CVE-2026-30857
MEDIUM
WeKnora <0.3.0 - Auth Bypass
CVSS 5.3
CVE-2026-30825
NONE
Hoppscotch <2026.2.1 - Privilege Escalation
CVE-2026-30823
HIGH
Flowise <3.0.13 - IDOR
CVSS 8.8
CVE-2026-30231
Flare <1.7.2 - Auth Bypass
CVE-2026-30230
Flare <1.7.2 - Auth Bypass
CVE-2026-30843
Wekan 8.32-8.33 - IDOR
CVE-2026-28469
HIGH
OpenClaw <2026.2.14 - Auth Bypass
CVSS 7.5
CVE-2026-27898
MEDIUM
Vaultwarden <1.35.4 - Info Disclosure
CVSS 5.4
CVE-2026-29069
MEDIUM
Craft CMS <5.9.0-beta.2/4.17.0-beta.2 - Auth Bypass
CVSS 5.3
CVE-2026-28782
MEDIUM
Craft CMS <5.9.0-beta.1/4.17.0-beta.1 - Privilege Escalation
CVSS 4.3
CVE-2026-28781
MEDIUM
Craft CMS <4.17.0-beta.1/5.9.0-beta.1 - Privilege Escalation
CVSS 6.5
CVE-2026-28696
HIGH
Craft CMS <4.17.0-beta.1/5.9.0-beta.1 - Info Disclosure
CVSS 7.5
CVE-2026-0020
HIGH
ParsedPermissionUtils - Privilege Escalation
CVSS 8.4
CVE-2026-28361
MEDIUM
NocoDB <0.301.3 - Privilege Escalation
CVSS 6.3
CVE-2025-58402
HIGH
CGM CLININET - Auth Bypass
CVSS 7.5
CVE-2026-28354
MEDIUM
ClipBucket <5.5.3 #59 - Privilege Escalation
CVSS 6.5
CVE-2026-27793
MEDIUM
Seerr <3.1.0 - Info Disclosure
CVSS 6.5
CVE-2026-25147
HIGH
OpenEMR <8.0.0 - Auth Bypass
CVSS 7.1
CVE-2026-1558
MEDIUM
WP Recipe Maker <=10.3.2 - IDOR
CVSS 5.3
CVE-2026-28225
MEDIUM
Manyfold <0.133.1 - Auth Bypass
CVSS 5.3
CVE-2026-28217
MEDIUM
Hoppscotch <2026.2.0 - IDOR
CVSS 6.5
CVE-2026-28216
HIGH
Hoppscotch <2026.2.0 - Privilege Escalation
CVSS 8.3
CVE-2026-27839
MEDIUM
wger <=2.4 - Info Disclosure
CVSS 4.3
CVE-2026-27838
LOW
wger <=2.4 - Info Disclosure
CVSS 3.1
CVE-2026-27835
MEDIUM
wger <=2.4 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities
1,321
Exploit Likelihood
High