Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,572 vulnerabilities with CWE-639

CVE-2026-22396 MEDIUM

Mikado-Themes Fiorello <=1.0 - Auth Bypass

CVE-2026-22393 MEDIUM

Mikado-Themes Curly <3.3 - Auth Bypass

CVE-2026-22391 MEDIUM

Mikado-Themes Cocco <1.5.2 - Auth Bypass

CVE-2026-23964 MEDIUM

Mastodon <4.5.5-4.3.18 - Info Disclosure

CVE-2026-23754 HIGH

D-Link D-View 8 <2.0.1.107 - Privilege Escalation

CVE-2026-23844 MEDIUM

Whisper Money <0.1.5 - Info Disclosure

CVE-2026-23843 HIGH

teklifolustur_app - IDOR

CVE-2026-23522 LOW

LobeChat <2.0.0-next.193 - Privilege Escalation

CVE-2026-23478 CRITICAL

Cal.com <6.0.7 - Auth Bypass

CVE-2026-22050 MEDIUM

Netapp Ontap - IDOR

CVE-2026-22589 HIGH

Spree < 4.10.2 - IDOR

CVE-2026-21409 MEDIUM

RICOH Streamline NX 3.5.1-24R3 - Info Disclosure

CVE-2026-22588 MEDIUM

Spree < 4.10.2 - IDOR

CVE-2026-22235 HIGH

OPEXUS eComplaint <9.0.45.0 - Info Disclosure

CVE-2026-22234 CRITICAL

OPEXUS eCasePortal <9.0.45.0 - Info Disclosure

CVE-2026-22489 MEDIUM

Wptexture Image Slider Slideshow <1.8 - Auth Bypass

CVE-2026-21447 HIGH

Webkul Bagisto < 2.3.10 - Improper Access Control

CVE-2025-15626 MEDIUM

Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application

CVE-2025-66286 MEDIUM

Webkitgtk: authorization bypass through webpage::send-request signal handler

CVE-2025-66954 MEDIUM

Buffalo Link Station 1.85-0.01 - Info Disclosure

CVE-2025-13822 MEDIUM

Authentication bypass in MCPHub

CVE-2025-14974 MEDIUM

IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference

CVE-2025-69347 HIGH

WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability

CVE-2025-32223 MEDIUM

WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

CVE-2025-69727 MEDIUM

INDEX-EDUCATION PRONOTE <2025.2.8 - Info Disclosure

Previous Page 13 of 63 Next

Details

Vulnerabilities 1,572

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy