Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,779 vulnerabilities with CWE-639

CVE-2025-13822 MEDIUM

Authentication bypass in MCPHub

CVE-2025-14974 MEDIUM

IBM InfoSphere Information Server is vulnerable due to Insecure Direct Object Reference

CVE-2025-69347 HIGH

WordPress WPSubscription plugin <= 1.8.10 - Insecure Direct Object References (IDOR) vulnerability

CVE-2025-32223 MEDIUM

WordPress Tutor LMS plugin <= 3.9.4 - Insecure Direct Object References (IDOR) vulnerability

CVE-2025-69727 MEDIUM

INDEX-EDUCATION PRONOTE <2025.2.8 - Info Disclosure

CVE-2025-67298 HIGH

ClasroomIO <0.2.6 - Privilege Escalation

CVE-2025-62166 HIGH

FreshRSS < 1.28.0 - Authorization Bypass via Master Authentication Token

CVE-2025-58402 HIGH

CGM CLININET < 2025.ms4 - Unauthenticated Authorization Bypass via MessageID Parameter

CVE-2025-14742 MEDIUM

WP Recipe Maker <=10.2.3 - Info Disclosure

CVE-2025-40541 CRITICAL

SolarWinds Serv-U < 15.5.4 - Authenticated Insecure Direct Object Reference

CVE-2025-70833 CRITICAL

Smanga 3.2.7 - Unauthenticated Authentication Bypass via Password Reset Parameter Manipulation

CVE-2025-15582 MEDIUM

detronetdip E-commerce 1.0.0 - Auth Bypass

CVE-2025-69394 HIGH

Cnvrse <=026.02.10.20 - Auth Bypass

CVE-2025-68514 MEDIUM

Paid Member Subscriptions <=2.16.8 - Auth Bypass

CVE-2025-68051 HIGH

Shiprocket <= 2.0.8 - Authorization Bypass Through User-Controlled Key

CVE-2025-9062 HIGH

Envanty < 1.0.6 - Authorization Bypass via Parameter Injection

CVE-2025-13842 MEDIUM

Breadcrumb NavXT <=7.5.0 - Auth Bypass

CVE-2025-70063 MEDIUM

PHPGurukul Hospital Management System 4.0 - Authorization Bypass via Medical History ViewID Parameter

CVE-2025-12071 MEDIUM

WordPress Frontend User Notes <=2.1.0 - IDOR

CVE-2025-69752 MEDIUM

Ideagen Q-Pulse 7.1.0.32 - Info Disclosure

CVE-2025-13004 MEDIUM

Farktor Software E-Commerce Services Inc. E-Commerce Package <2.711...

CVE-2025-14594 LOW

GitLab CE/EE <18.6.6-18.8.4 - Info Disclosure

CVE-2025-15096 HIGH

Videospirecore Theme Plugin <1.0.6 - Privilege Escalation

CVE-2025-10912 MEDIUM

Saastech TemizlikYolda <11022026 - Auth Bypass

CVE-2025-7347 HIGH

Dinibh Patrol Tracking System <10022026 - Auth Bypass

Previous Page 22 of 72 Next

Details

Vulnerabilities 1,779

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy