Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,572 vulnerabilities with CWE-639

CVE-2025-34436 HIGH

Wwbn Avideo < 20.0 - IDOR

CVE-2025-34435 MEDIUM

Wwbn Avideo < 20.0 - IDOR

CVE-2025-67165 CRITICAL

CVE-2025-14101 HIGH

PaperWork <6.0 - Auth Bypass

CVE-2025-11924 HIGH

Ninjaforms Ninja Forms < 3.13.1 - IDOR

CVE-2025-64012 MEDIUM

Invoiceplane - IDOR

CVE-2025-13474 HIGH

Menulux Software Inc. Mobile App <9.5.8 - Auth Bypass

CVE-2025-68071 MEDIUM

g5theme Essential Real Estate <= 5.2.2 - Auth Bypass

CVE-2025-67985 MEDIUM

Barn2 Plugins Document Library Lite - Auth Bypass

CVE-2025-66132 MEDIUM

FAPI Member <2.2.26 - Auth Bypass

CVE-2025-64011 MEDIUM

Nextcloud Server - IDOR

CVE-2025-58137 HIGH

Apache Fineract < 1.12.1 - IDOR

CVE-2025-14356 MEDIUM

Ultra Addons for Contact Form 7 <3.5.33 - Info Disclosure

CVE-2025-61950 MEDIUM

GroupSession <5.3.0-5.3.2 - Info Disclosure

CVE-2025-12883 MEDIUM

Campay Woocommerce Payment Gateway <1.2.2 - Auth Bypass

CVE-2025-13124 HIGH

Netiket Information Technologies Ltd. Co. - Auth Bypass

CVE-2025-13003 HIGH

Aksis Computer Services and Consulting Inc. AxOnboard <3.3.0 - Auth...

CVE-2025-11247 MEDIUM

GitLab EE <18.4.6-18.6.2 - Info Disclosure

CVE-2025-13125 MEDIUM

Im Park Information Technology, Electronics, Press, Publishing and ...

CVE-2025-41358 HIGH

i2A CronosWeb <25.00.00.12 - IDOR

CVE-2025-67594 MEDIUM

ThimPress Thim Elementor Kit <1.3.4 - Auth Bypass

CVE-2025-63065 MEDIUM

Media Library Assistant <3.30 - Auth Bypass

CVE-2025-61075 HIGH

Mitarbeiterportal 2.15.2.0 - Privilege Escalation

CVE-2025-64497 MEDIUM

Enalean Tuleap < 16.12-10 - IDOR

CVE-2025-13748 MEDIUM

Fluent Forms <6.1.7 - Insecure Direct Object Reference

Previous Page 17 of 63 Next

Details

Vulnerabilities 1,572

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy