Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,573 vulnerabilities with CWE-639

CVE-2025-64523 HIGH

Filebrowser < 2.45.1 - Improper Authorization

CVE-2025-12903 HIGH

Braintree For WooCommerce <3.2.78 - Auth Bypass

CVE-2025-12833 MEDIUM

GeoDirectory - WP Business Directory Plugin <2.8.139 - Insecure Dir...

CVE-2025-12087 MEDIUM

Woocommerce plugin <1.1.22 - Insecure Direct Object Reference

CVE-2025-12126 MEDIUM

The Total Book Project plugin - Insecure Direct Object Reference

CVE-2025-11532 MEDIUM

Wisly plugin - Insecure Direct Object Reference

CVE-2025-12919 LOW

EverShop <2.0.1 - Info Disclosure

CVE-2025-12918 LOW

yungifez Skuul School Management System <2.6.5 - Info Disclosure

CVE-2025-12353 MEDIUM

WPFunnels <3.6.2 - Unauthorized Registration

CVE-2025-11748 MEDIUM

Groups plugin for WordPress <3.7.0 - Insecure Direct Object Reference

CVE-2025-64431 HIGH

Zitadel < 4.6.3 - IDOR

CVE-2025-12854 LOW

newbee-mall-plus <2.4.1 - Auth Bypass

CVE-2025-58627 CRITICAL

Miraculous Core Plugin < 2.0.9 - Auth Bypass

CVE-2025-63248 HIGH

DWSurvey 6.14.0 - Privilege Escalation

CVE-2025-11690 HIGH

VehicleId IDOR - Info Disclosure

CVE-2025-0987 CRITICAL

CB Project Ltd. Co. CVLand <20251103 - Auth Bypass

CVE-2025-12623 LOW

fushengqian fuint <41e26be8a2c609413a0feaa69bdad33a71ae8032 - Auth ...

CVE-2025-6574 HIGH

Service Finder Bookings <6.1 - Privilege Escalation

CVE-2025-5949 HIGH

Service Finder Bookings <6.0 - Privilege Escalation

CVE-2025-61876 MEDIUM

Inforcer Platform <2.0.153 - Info Disclosure

CVE-2025-64283 MEDIUM

Rometheme RTMKit <1.6.7 - Auth Bypass

CVE-2025-12351 MEDIUM

Honeywell S35 Series Cameras - Privilege Escalation

CVE-2025-12288 MEDIUM

Bdtask Pharmacare < 9.4 - Improper Authorization

CVE-2025-12283 MEDIUM

Fabian Client Details System - Improper Authorization

CVE-2025-12270 MEDIUM

LearnHouse <98dfad76aad70711a8113f6c1fdabfccf10509ca - Info Disclosure

Previous Page 20 of 63 Next

Details

Vulnerabilities 1,573

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy