Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,777 vulnerabilities with CWE-639

CVE-2026-30927 MEDIUM

Admidio <5.0.6 - Privilege Escalation

CVE-2026-30920 HIGH

OneUptime < 10.0.19 - Missing Authorization in GitHub App Callback

CVE-2026-30885 MEDIUM

WWBN AVideo <25.0 - Info Disclosure

CVE-2026-28433 MEDIUM

Misskey 10.93.0-2026.3.0 - Auth Bypass

CVE-2026-30857 MEDIUM

WeKnora < 0.3.0 - Authenticated Cross-Tenant Authorization Bypass via Knowledge Base Copy Endpoint

CVE-2026-30825 NONE

Hoppscotch <2026.2.1 - Privilege Escalation

CVE-2026-30823 HIGH

Flowise < 3.0.13 - Unauthenticated IDOR and Account Takeover via SSO Configuration

CVE-2026-30231 MEDIUM

Flare < 1.7.2 - Authenticated Authorization Bypass via Raw and Direct File Routes

CVE-2026-30230 HIGH

Flare < 1.7.2 - Unauthenticated Password Bypass in Thumbnail Endpoint

CVE-2026-30843 MEDIUM

Wekan 8.32-8.33 - Authenticated Insecure Direct Object Reference in Custom Fields Endpoint

CVE-2026-25877 MEDIUM

Chartbrew <4.8.1 - Privilege Escalation

CVE-2026-28469 HIGH

OpenClaw < 2026.2.14 - Authorization Bypass via Google Chat Webhook Path Ambiguity

CVE-2026-27898 MEDIUM

Vaultwarden <1.35.4 - Info Disclosure

CVE-2026-29069 MEDIUM

Craft CMS <5.9.0-beta.2/4.17.0-beta.2 - Auth Bypass

CVE-2026-28782 MEDIUM

Craft CMS <5.9.0-beta.1/4.17.0-beta.1 - Privilege Escalation

CVE-2026-28781 MEDIUM

Craft CMS <4.17.0-beta.1/5.9.0-beta.1 - Privilege Escalation

CVE-2026-28696 HIGH

Craft CMS <4.17.0-beta.1/5.9.0-beta.1 - Info Disclosure

CVE-2026-0020 HIGH

ParsedPermissionUtils - Privilege Escalation

CVE-2026-28361 MEDIUM

NocoDB <0.301.3 - Privilege Escalation

CVE-2026-28354 MEDIUM

ClipBucket <5.5.3 #59 - Privilege Escalation

CVE-2026-27793 MEDIUM

seerr < 3.1.0 - Authenticated Information Disclosure via User Settings Endpoint

CVE-2026-25147 HIGH

OpenEMR < 8.0.0 - Horizontal Privilege Escalation via Patient ID Override

CVE-2026-1558 MEDIUM

WP Recipe Maker <= 10.3.2 - Unauthenticated Insecure Direct Object Reference via Instacart Integration API

CVE-2026-28225 MEDIUM

Manyfold < 0.133.1 - Authorization Bypass via ModelFilesController get_model Method

CVE-2026-28217 MEDIUM

hoppscotch < 2026.2.0 - Authenticated Insecure Direct Object Reference via userCollection GraphQL Query

Previous Page 17 of 72 Next

Details

Vulnerabilities 1,777

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy