CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,571 vulnerabilities with CWE-639
CVE-2026-1558
MEDIUM
WP Recipe Maker <=10.3.2 - IDOR
CVSS 5.3
CVE-2026-28225
MEDIUM
Manyfold <0.133.1 - Auth Bypass
CVSS 5.3
CVE-2026-28217
MEDIUM
Hoppscotch <2026.2.0 - IDOR
CVSS 6.5
CVE-2026-28216
HIGH
Hoppscotch <2026.2.0 - Privilege Escalation
CVSS 8.3
CVE-2026-27839
MEDIUM
wger <=2.4 - Info Disclosure
CVSS 4.3
CVE-2026-27838
LOW
wger <=2.4 - Info Disclosure
CVSS 3.1
CVE-2026-27835
MEDIUM
wger <=2.4 - Info Disclosure
CVSS 4.3
CVE-2026-27449
HIGH
Umbraco Engage <16.2.1/17.1.1 - Auth Bypass
CVSS 7.5
CVE-2026-26973
MEDIUM
Discourse <2025.12.2/2026.1.1/2026.2.0 - IDOR
CVSS 4.3
CVE-2026-26265
HIGH
Discourse <2025.12.2 - Info Disclosure
CVSS 7.5
CVE-2026-26078
HIGH
Discourse <2025.12.2/2026.1.1/2026.2.0 - Auth Bypass
CVSS 7.5
CVE-2026-27943
MEDIUM
OpenEMR <=8.0.0 - Privilege Escalation
CVSS 6.5
CVE-2026-25930
MEDIUM
OpenEMR <8.0.0 - Auth Bypass
CVSS 6.5
CVE-2026-25929
MEDIUM
OpenEMR <8.0.0 - Auth Bypass
CVSS 6.5
CVE-2026-25927
HIGH
OpenEMR <8.0.0 - Auth Bypass
CVSS 7.1
CVE-2026-25220
MEDIUM
OpenEMR <8.0.0 - Privilege Escalation
CVSS 6.5
CVE-2026-27705
MEDIUM
Plane <1.2.2 - Privilege Escalation
CVSS 6.5
CVE-2026-3185
MEDIUM
sz-boot-parent <=1.3.2-beta - Auth Bypass
CVSS 5.3
CVE-2026-2698
MEDIUM
Tenable Security Center <= 6.8.0 - Improper Access Control
CVSS 6.5
CVE-2026-2697
MEDIUM
Security Center - Privilege Escalation
CVSS 6.3
CVE-2026-2997
MEDIUM
Tronclass - Insecure Direct Object Reference
CVSS 5.4
CVE-2026-24950
HIGH
Authorsy <=1.0.6 - Auth Bypass
CVSS 7.5
CVE-2026-22383
HIGH
PawFriends Theme <=1.3 - Auth Bypass
CVSS 7.5
CVE-2026-26016
HIGH
Wings <1.12.1 - Auth Bypass
CVSS 8.1
CVE-2026-1219
MEDIUM
MP3 Audio Player 4.0-5.10 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities: 1,571
Exploit Likelihood: High