CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,571 vulnerabilities with CWE-639
CVE-2026-25324
MEDIUM
Quiz And Survey Master <=10.3.4 - Auth Bypass
CVSS 5.3
CVE-2026-25005
MEDIUM
N-Media Frontend File Manager <=23.5 - Auth Bypass
CVSS 5.3
CVE-2026-25120
LOW
Gogs <=0.13.4 - Auth Bypass
CVSS 2.7
CVE-2026-2230
MEDIUM
Booking Calendar Plugin <10.14.14 - IDOR
CVSS 4.3
CVE-2026-1436
MEDIUM
Graylog 2.2.3 - Privilege Escalation
CVSS 6.5
CVE-2026-1987
MEDIUM
Scheduler Widget plugin <0.1.6 - Insecure Direct Object Reference
CVSS 5.4
CVE-2026-1619
HIGH
Universal Software Inc. FlexCity/Kiosk <1.0.36 - Auth Bypass
CVSS 8.3
CVE-2026-1080
MEDIUM
Gitlab < 18.6.6 - IDOR
CVSS 4.3
CVE-2026-25530
MEDIUM
Kanboard < 1.2.50 - IDOR
CVSS 4.3
CVE-2026-25497
HIGH
Cms < 5.9.0-beta.1 - IDOR
CVSS 8.8
CVE-2026-24900
MEDIUM
MarkUs <2.9.1 - Info Disclosure
CVSS 6.5
CVE-2026-25567
MEDIUM
Wekan < 8.19 - IDOR
CVSS 4.3
CVE-2026-25564
HIGH
Wekan < 8.19 - IDOR
CVSS 7.5
CVE-2026-25563
HIGH
Wekan < 8.19 - IDOR
CVSS 7.5
CVE-2026-25757
MEDIUM
Rubygems Spree Storefront < 5.0.8 - IDOR
CVSS 5.3
CVE-2026-25758
HIGH
Rubygems Spree API < 4.10.3 - Improper Access Control
CVSS 7.5
CVE-2026-25574
MEDIUM
NPM Payload < 3.74.0 - IDOR
CVSS 5.4
CVE-2026-24776
MEDIUM
OpenProject <17.0.2 - Info Disclosure
CVSS 4.3
CVE-2026-2010
MEDIUM
Sanluan PublicCMS <4.0-6.202506.d - Privilege Escalation
CVSS 4.2
CVE-2026-1228
MEDIUM
Timeline Block <1.3.3 - Info Disclosure
CVSS 4.3
CVE-2026-1271
MEDIUM
ProfileGrid - User Profiles, Groups and Communities <5.9.7.2 - Inse...
CVSS 5.3
CVE-2026-24773
HIGH
Gunet Open Eclass Platform < 4.2 - IDOR
CVSS 7.5
CVE-2026-24991
MEDIUM
HT Plugins Extensions For CF7 <3.4.0 - Auth Bypass
CVSS 5.3
CVE-2026-1664
MEDIUM
NPM Agents < 0.3.7 - IDOR
CVE-2026-1375
HIGH
Tutor LMS - IDOR
CVSS 8.1