Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,779 vulnerabilities with CWE-639

CVE-2026-1733 MEDIUM

crmeb < 5.6.3 - Improper Authorization via Order ID Manipulation

CVE-2026-1251 MEDIUM

SupportCandy - Helpdesk & Customer Support Ticket System <3.4.4 - I...

CVE-2026-1389 MEDIUM

Document Embedder <2.0.4 - Insecure Direct Object Reference

CVE-2026-24134 MEDIUM

StudioCMS <0.2.0 - Privilege Escalation

CVE-2026-1213 MEDIUM

askbot <= 0.12.2 - Authenticated Profile Picture Modification

CVE-2026-24136 HIGH

Saleor 3.2.0-3.20.109 3.21.0-a.0-3.21.44 3.22.0-a.0-3.22.28 - Unauthenticated Insecure Direct Object Reference

CVE-2026-24634 MEDIUM

Rustaurius Ultimate Reviews <3.2.16 - Auth Bypass

CVE-2026-24631 MEDIUM

Mikado-Themes Rosebud <1.4 - Auth Bypass

CVE-2026-24599 MEDIUM

XLPlugins NextMove Lite <2.23.0 - Auth Bypass

CVE-2026-20912 CRITICAL

Gitea < 1.25.4 - Improper Access Control in Release Attachment Linking

CVE-2026-20904 MEDIUM

Gitea < 1.25.4 - Authenticated Improper Access Control in OpenID URI Visibility

CVE-2026-20897 CRITICAL

Gitea < 1.25.4 - Improper Access Control in Git LFS Lock Deletion

CVE-2026-1201 CRITICAL

Hubitat Elevation <2.4.2.157 - Auth Bypass

CVE-2026-24379 MEDIUM

WP Job Portal <= 2.4.3 - Authorization Bypass via Insecure Direct Object Reference

CVE-2026-22430 MEDIUM

Mikado-Themes Verdure <1.7 - Auth Bypass

CVE-2026-22426 MEDIUM

Elated-Themes Sweet Jane <1.3 - Auth Bypass

CVE-2026-22411 LOW

Mikado-Themes Dolcino - Auth Bypass

CVE-2026-22409 LOW

Mikado-Themes Justicia <1.3 - Auth Bypass

CVE-2026-22407 LOW

Mikado-Themes Roam <2.1.1 - Auth Bypass

CVE-2026-22406 LOW

Mikado-Themes Overton - Auth Bypass

CVE-2026-22404 LOW

Mikado-Themes Innovio <1.8 - Auth Bypass

CVE-2026-22400 MEDIUM

Mikado-Themes Holmes <1.8 - Auth Bypass

CVE-2026-22398 MEDIUM

Mikado-Themes Fleur <= 2.0 - Authorization Bypass via User-Controlled Key

CVE-2026-22396 MEDIUM

Mikado-Themes Fiorello <=1.0 - Auth Bypass

CVE-2026-22393 MEDIUM

Mikado-Themes Curly <3.3 - Auth Bypass

Previous Page 20 of 72 Next

Details

Vulnerabilities 1,779

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy