Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,779 vulnerabilities with CWE-639

CVE-2026-22391 MEDIUM

Mikado-Themes Cocco <1.5.2 - Auth Bypass

CVE-2026-23964 MEDIUM

Mastodon <4.5.5-4.3.18 - Info Disclosure

CVE-2026-23754 HIGH

D-Link D-View 8 <2.0.1.107 - Privilege Escalation

CVE-2026-23844 MEDIUM

Whisper Money <0.1.5 - Info Disclosure

CVE-2026-23843 HIGH

teklifolustur_app Offer View - Insecure Direct Object Reference

CVE-2026-23522 LOW

LobeChat <2.0.0-next.193 - Privilege Escalation

CVE-2026-23478 CRITICAL

cal.com 3.1.6-6.0.7 - Unauthenticated Account Takeover via NextAuth JWT Callback

CVE-2026-22050 MEDIUM

NetApp ONTAP 9.16.1-9.16.1P8 & 9.17.1-9.17.1P1 - Auth Bypass via Snapshot Expiry Manipulation

CVE-2026-22589 HIGH

Spree < 4.10.2 - Unauthenticated Insecure Direct Object Reference

CVE-2026-21409 MEDIUM

RICOH Streamline NX 3.5.1-24R3 - Info Disclosure

CVE-2026-22588 MEDIUM

Spree < 4.10.2 - Authenticated Insecure Direct Object Reference via Order Address Manipulation

CVE-2026-22235 HIGH

OPEXUS eComplaint <9.0.45.0 - Info Disclosure

CVE-2026-22234 CRITICAL

OPEXUS eCasePortal <9.0.45.0 - Info Disclosure

CVE-2026-22489 MEDIUM

Wptexture Image Slider Slideshow <1.8 - Auth Bypass

CVE-2026-21447 HIGH

Bagisto < 2.3.10 - Authenticated Insecure Direct Object Reference via Order ID Parameter

CVE-2025-59133 HIGH

WordPress Projectopia plugin <= 5.1.25.2 - Insecure Direct Object References (IDOR) vulnerability

CVE-2025-14772 HIGH

Broken Access Control in ABB T-MAC Plus web application

CVE-2025-13479 HIGH

IDOR in PosCube's QR Menu

CVE-2025-15025 HIGH

IDOR in Yordam Informatics' Library Automation System

CVE-2025-12008 HIGH

IDOR in APPYAP's Yaay Social Media App

CVE-2025-13874 MEDIUM

Authorization Bypass Through User-Controlled Key in GitLab

CVE-2025-14033 MEDIUM

ilGhera Support System for WooCommerce <= 1.3.0 - Missing Authorization to Unauthenticated Sensitive Information Exposure

CVE-2025-15626 MEDIUM

Authenticated user can bypass authorization in Ribblr - Crochet & Knitting iOS application

CVE-2025-66286 MEDIUM

Webkitgtk: authorization bypass through webpage::send-request signal handler

CVE-2025-66954 MEDIUM

Buffalo Link Station 1.85-0.01 - Info Disclosure

Previous Page 21 of 72 Next

Details

Vulnerabilities 1,779

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy