Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,794 vulnerabilities with CWE-639

CVE-2025-69029 MEDIUM

Select-Themes Struktur <2.5.1 - Auth Bypass

CVE-2025-68997 MEDIUM

wpDiscuz <= 7.6.43 - Authorization Bypass Through User-Controlled Key

CVE-2025-68979 MEDIUM

SimpleCalendar Google Calendar Events <3.5.9 - Auth Bypass

CVE-2025-68975 MEDIUM

Eagle-Themes Eagle Booking <1.3.4.3 - Auth Bypass

CVE-2025-68502 MEDIUM

Crocoblock JetPopup <2.0.20.1 - Auth Bypass

CVE-2025-69202 MEDIUM

Axios Cache Interceptor <1.11.1 - Auth Bypass

CVE-2025-15106 MEDIUM

maxun < 0.0.28 - Improper Authorization via Authentication Endpoint

CVE-2025-67909 HIGH

WP Swings Membership For WooCommerce <= 3.0.3 - Auth Bypass

CVE-2025-7733 MEDIUM

WP JobHunt <7.7 - Insecure Direct Object Reference

CVE-2025-66911 MEDIUM

Turms IM Server <= 0.10.0-SNAPSHOT - Authenticated Improper Access Control in User Online Status Query

CVE-2025-14882 LOW

pretix 2025.10.0 - Authorization Bypass via File UUID

CVE-2025-14881 LOW

pretix 1.0.0-2025.10.0 - Authorization Bypass via File UUID Access

CVE-2025-64282 MEDIUM

RadiusTheme Radius Blocks <2.2.1 - Auth Bypass

CVE-2025-63043 MEDIUM

PickPlugins Post Grid & Gutenberg Blocks <2.3.19 - Auth Bypass

CVE-2025-1031 HIGH

SoliClub 5.2.4-5.3.6 - Authorization Bypass Through User-Controlled Key

CVE-2025-13110 MEDIUM

HUSKY - Products Filter Professional - Insecure Direct Object Refer...

CVE-2025-10910 CRITICAL

Govee H6056 1.08.13 - Unauthenticated Device Binding Bypass via Cloud API

CVE-2025-10019 MEDIUM

Contact Form Email <1.3.60 - Auth Bypass

CVE-2025-34438 HIGH

AVideo < 20.1 - Insecure Direct Object Reference in Video Rotation Metadata

CVE-2025-34437 HIGH

AVideo < 20.1 - Authenticated Arbitrary Comment Image Upload via Missing Ownership Check

CVE-2025-34436 HIGH

AVideo < 20.1 - Authenticated Arbitrary File Upload via Insecure Direct Object Reference

CVE-2025-34435 MEDIUM

AVideo < 20.1 - Authenticated Arbitrary File Deletion via IDOR

CVE-2025-67165 CRITICAL

Pagekit CMS 1.0.18 - Insecure Direct Object Reference Privilege Escalation

CVE-2025-14101 HIGH

PaperWork 5.2.0.9427-6.0 - Authorization Bypass via User-Controlled Key

CVE-2025-11924 HIGH

Ninja Forms < 3.13.2 - Unauthenticated Insecure Direct Object Reference via REST Endpoint

Previous Page 25 of 72 Next

Details

Vulnerabilities 1,794

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy