Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,777 vulnerabilities with CWE-639

CVE-2026-25197 CRITICAL

Gardyn Cloud API Authorization Bypass Through User-Controlled Key

CVE-2026-28736 MEDIUM

Focalboard IDOR in file content endpoint allows cross-user file access (unsupported product, no fix)

CVE-2026-34832 MEDIUM

Scoold: Cross-Account Feedback Deletion (IDOR)

CVE-2026-34584 MEDIUM

listmonk: Broken Access Control in CSV Import (Unauthorized List Assignment)

CVE-2026-5326 MEDIUM

SourceCodester Leave Application System User Information index.php authorization

CVE-2026-5246 MEDIUM

Cesanta Mongoose P-384 Public Key mongoose.c mg_tls_verify_cert_signature authorization

CVE-2026-5199 LOW

Cross Namespace Access via Batch Operation

CVE-2026-3139 MEDIUM

User Profile Builder <= 3.15.5 - Authenticated IDOR via wppb_save_avatar_value()

CVE-2026-32976 MEDIUM

OpenClaw < 2026.3.11 - Account-Scoped configWrites Policy Bypass via Channel Commands

CVE-2026-4400 MEDIUM

1millionbot Millie Chatbot 3.6.0 - Conversation IDOR

CVE-2026-33030 HIGH

Nginx UI: Unencrypted Storage of DNS API Tokens and ACME Private Keys

CVE-2026-3321 HIGH

Authorization Bypass in ON24 Q&A chat

CVE-2026-3124 HIGH

Download Monitor <= 5.1.7 - Insecure Direct Object Reference to Unauthenticated Arbitrary Order Completion via 'token' and 'order_id'

CVE-2026-33946 MEDIUM

MCP Ruby SDK: Insufficient Session Binding Allows SSE Stream Hijacking via Session ID Replay

CVE-2026-34046 HIGH

Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

CVE-2026-31950 MEDIUM

LibreChat's IDOR in SSE Stream Subscription Allows Reading Other Users' Chats

CVE-2026-4958 LOW

OpenBMB XAgent WebSocket Endpoint replayer.py ReplayServer.send_data authorization

CVE-2026-33764 MEDIUM

AVideo: IDOR in AI Plugin Allows Stealing Other Users' AI-Generated Metadata and Transcriptions

CVE-2026-33759 MEDIUM

AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents

CVE-2026-1496 CRITICAL

Coverity CLI Authentication Bypass

CVE-2026-33735 HIGH

MyTube <1.8.69 Database Import - Application Takeover

CVE-2026-33730 MEDIUM

Open Source Point of Sale <3.4.2 Password Change - Insecure Direct Object Reference

CVE-2026-29071 LOW

Open WebUI's Insecure Direct Object Reference (IDOR) allows access to other users' memories

CVE-2026-28788 HIGH

Open WebUI's process_files_batch() endpoint missing ownership check, allows unauthorized file overwrite

CVE-2026-28503 MEDIUM

Tandoor Recipes has Cross-Space IDOR in SyncViewSet.query_synced_folder: missing space scoping on get_object_or_404

Previous Page 13 of 72 Next

Details

Vulnerabilities 1,777

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy