Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,573 vulnerabilities with CWE-639

CVE-2025-13389 MEDIUM

WooCommerce: OrderConvo <14 - Info Disclosure

CVE-2025-13382 MEDIUM

Frontend File Manager Plugin <23.4 - Insecure Direct Object Reference

CVE-2025-12040 MEDIUM

WooCommerce Wishlist <1.0.9 - Insecure Direct Object Reference

CVE-2025-10039 MEDIUM

Elula Wsdesk < 3.3.0 - IDOR

CVE-2025-12881 MEDIUM

WooCommerce <4.5.5 - Insecure Direct Object Reference

CVE-2025-12086 MEDIUM

Return Refund & Exchange For WooCommerce <4.5.5 - Insecure Direct O...

CVE-2025-52670 MEDIUM

Revive-adserver Revive Adserver < 5.5.2 - Missing Authorization

CVE-2025-65034 HIGH

Rallly < 4.5.4 - IDOR

CVE-2025-65033 HIGH

Rallly < 4.5.4 - Improper Authorization

CVE-2025-65032 MEDIUM

Rallly < 4.5.4 - IDOR

CVE-2025-65031 MEDIUM

Rallly < 4.5.4 - Improper Authorization

CVE-2025-65030 HIGH

Rallly < 4.5.4 - Improper Authorization

CVE-2025-65029 HIGH

Rallly < 4.5.4 - Missing Authorization

CVE-2025-65028 MEDIUM

Rallly < 4.5.4 - Missing Authorization

CVE-2025-65021 CRITICAL

Rallly < 4.5.4 - Missing Authorization

CVE-2025-65020 MEDIUM

Rallly < 4.5.4 - Missing Authorization

CVE-2025-12766 MEDIUM

BlackBerry AtHoc OnPrem <7.21 - Info Disclosure

CVE-2025-12427 MEDIUM

YITH WooCommerce Wishlist <4.10.0 - Info Disclosure

CVE-2025-63513 MEDIUM

kishan0725 Hospital Management System v4 - Info Disclosure

CVE-2025-12524 MEDIUM

Post Type Switcher <4.0.0 - Insecure Direct Object Reference

CVE-2025-63291 MEDIUM

Alteryx Server 2022.1.1.42654-2024.1 - Info Disclosure

CVE-2025-8855 HIGH

Optimus Software Brokerage Automation <1.1.71 - Auth Bypass

CVE-2025-64706 MEDIUM

Typebot < 3.13.0 - Improper Access Control

CVE-2025-41069 MEDIUM

T-INNOVA DeporSite - IDOR

CVE-2025-12366 MEDIUM

Pagelayer <2.0.5 - Insecure Direct Object Reference

Previous Page 19 of 63 Next

Details

Vulnerabilities 1,573

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy