Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,779 vulnerabilities with CWE-639

CVE-2026-28225 MEDIUM

Manyfold < 0.133.1 - Authorization Bypass via ModelFilesController get_model Method

CVE-2026-28217 MEDIUM

hoppscotch < 2026.2.0 - Authenticated Insecure Direct Object Reference via userCollection GraphQL Query

CVE-2026-28216 HIGH

Hoppscotch <2026.2.0 - Privilege Escalation

CVE-2026-27839 MEDIUM

wger <= 2.4 - Authenticated Authorization Bypass via Nutritional Values Endpoint

CVE-2026-27838 LOW

wger < 2.4 - Authorization Bypass via Routine Detail Cache Key

CVE-2026-27835 MEDIUM

wger <= 2.4 - Unauthorized Data Access via RepetitionsConfigViewSet and MaxRepetitionsConfigViewSet

CVE-2026-27449 HIGH

Umbraco Engage <16.2.1/17.1.1 - Auth Bypass

CVE-2026-26973 MEDIUM

Discourse <2025.12.2/2026.1.1/2026.2.0 - IDOR

CVE-2026-26265 HIGH

Discourse <2025.12.2 - Info Disclosure

CVE-2026-26078 HIGH

Discourse <2025.12.2/2026.1.1/2026.2.0 - Auth Bypass

CVE-2026-27943 MEDIUM

OpenEMR <=8.0.0 - Privilege Escalation

CVE-2026-25930 MEDIUM

OpenEMR < 8.0.0 - Authenticated Authorization Bypass via Layout-Based Form Printable View

CVE-2026-25929 MEDIUM

OpenEMR < 8.0.0 - Authenticated Patient Photo Access Control Bypass via Document Controller

CVE-2026-25927 HIGH

OpenEMR < 8.0.0 - Authenticated Authorization Bypass via DICOM Viewer State API

CVE-2026-25220 MEDIUM

OpenEMR <8.0.0 - Privilege Escalation

CVE-2026-27705 MEDIUM

Plane <1.2.2 - Privilege Escalation

CVE-2026-3185 MEDIUM

sz-boot-parent <=1.3.2-beta - Auth Bypass

CVE-2026-2698 MEDIUM

Tenable Security Center <= 6.8.0 - Improper Access Control

CVE-2026-2697 MEDIUM

Security Center - Privilege Escalation

CVE-2026-2997 MEDIUM

Tronclass - Insecure Direct Object Reference

CVE-2026-24950 HIGH

Authorsy <= 1.0.6 - Authorization Bypass via Insecure Direct Object Reference

CVE-2026-22383 HIGH

PawFriends Theme <=1.3 - Auth Bypass

CVE-2026-26016 HIGH

Pterodactyl Panel < 1.12.1 - Authenticated Authorization Bypass via Node Secret Token

CVE-2026-1219 MEDIUM

MP3 Audio Player 4.0-5.10 - Info Disclosure

CVE-2026-25324 MEDIUM

Quiz And Survey Master <=10.3.4 - Auth Bypass

Previous Page 18 of 72 Next

Details

Vulnerabilities 1,779

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy