Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,777 vulnerabilities with CWE-639

CVE-2026-2888 MEDIUM

Formidable Forms WordPress Plugin <=6.28 - Auth Bypass

CVE-2026-2879 MEDIUM

GetGenie WordPress Plugin <=4.3.2 - Insecure Direct Object Reference

CVE-2026-2257 MEDIUM

GetGenie WordPress Plugin <=4.3.2 - Stored XSS

CVE-2026-1704 MEDIUM

Appointment Booking Calendar <1.6.9.29 - Insecure Direct Object Reference

CVE-2026-2366 LOW

Red Hat build of Keycloak 26.4 - Authenticated Authorization Bypass in Admin API

CVE-2026-32131 HIGH

ZITADEL <3.4.8/4.12.2 - Info Disclosure

CVE-2026-27591 CRITICAL

Winter CMS <1.0.477/1.1.12/1.2.12 - Privilege Escalation

CVE-2026-32104 MEDIUM

StudioCMS <0.4.3 - Privilege Escalation

CVE-2026-32103 MEDIUM

StudioCMS <0.4.3 - Privilege Escalation

CVE-2026-32097 HIGH

PingPong < 7.27.2 - Authenticated Authorization Bypass via File Retrieval and Deletion

CVE-2026-31874 CRITICAL

Taskosaur 1.0.0 - Privilege Escalation

CVE-2026-31867 MEDIUM

Craft Commerce <4.11.0/5.6.0 - IDOR

CVE-2026-1992 HIGH

ExactMetrics 8.6.0-9.0.2 - Auth Bypass

CVE-2026-2918 MEDIUM

Happy Addons for Elementor <3.21.0 - Privilege Escalation

CVE-2026-2917 MEDIUM

Happy Addons for Elementor <3.21.0 - IDOR

CVE-2026-1753 MEDIUM

Gutena Forms <1.6.1 - Privilege Escalation

CVE-2026-3453 HIGH

ProfilePress <=4.16.11 - Insecure Direct Object Reference

CVE-2026-31832 MEDIUM

Umbraco 14.0.0-16.5.0/17.0.0-17.2.1 - Privilege Escalation

CVE-2026-31820 MEDIUM

Sylius < 2.0.16, 2.1.12, 2.2.3 - Shop LiveComponents IDOR

CVE-2026-30954 MEDIUM

LinkAce <=2.1.0 - Privilege Escalation

CVE-2026-3306 MEDIUM

GitHub Enterprise Server - Privilege Escalation

CVE-2026-30969 CRITICAL

Coral Server < 1.1.0 - Unauthenticated Session Impersonation via Weak Session Identifier

CVE-2026-30959 MEDIUM

OneUptime < 10.0.21 - Authenticated Authorization Bypass via Resend-Verification-Code Endpoint

CVE-2026-30945 HIGH

StudioCMS <0.4.0 - Privilege Escalation

CVE-2026-30944 HIGH

StudioCMS <0.4.0 - Privilege Escalation

Previous Page 16 of 72 Next

Details

Vulnerabilities 1,777

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy