Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,794 vulnerabilities with CWE-639

CVE-2025-64012 MEDIUM

InvoicePlane invoices/view - Insecure Direct Object Reference

CVE-2025-13474 HIGH

Menulux Software Inc. Mobile App <9.5.8 - Auth Bypass

CVE-2025-68071 MEDIUM

g5theme Essential Real Estate <= 5.2.2 - Auth Bypass

CVE-2025-67985 MEDIUM

Barn2 Plugins Document Library Lite - Auth Bypass

CVE-2025-66132 MEDIUM

FAPI Member <= 2.2.30 - Authorization Bypass Through User-Controlled Key

CVE-2025-64011 MEDIUM

Nextcloud Server 30.0.0 - Authenticated Insecure Direct Object Reference via /core/preview fileId Parameter

CVE-2025-58137 HIGH

Apache Fineract <= 1.11.0 - Authorization Bypass Through User-Controlled Key

CVE-2025-14356 MEDIUM

Ultra Addons for Contact Form 7 <3.5.33 - Info Disclosure

CVE-2025-61950 MEDIUM

GroupSession <5.3.0-5.3.2 - Info Disclosure

CVE-2025-12883 MEDIUM

Campay Woocommerce Payment Gateway <1.2.2 - Auth Bypass

CVE-2025-13124 HIGH

Netiket Information Technologies Ltd. Co. - Auth Bypass

CVE-2025-13003 HIGH

Aksis Computer Services and Consulting Inc. AxOnboard <3.3.0 - Auth...

CVE-2025-11247 MEDIUM

GitLab EE <18.4.6-18.6.2 - Info Disclosure

CVE-2025-13125 MEDIUM

Im Park Information Technology, Electronics, Press, Publishing and ...

CVE-2025-41358 HIGH

CronosWeb i2A < 25.00.00.12 - Authenticated Authorization Bypass via DocumentCode Parameter

CVE-2025-67594 MEDIUM

ThimPress Thim Elementor Kit <1.3.4 - Auth Bypass

CVE-2025-63065 MEDIUM

Media Library Assistant <3.30 - Auth Bypass

CVE-2025-61075 HIGH

Mitarbeiterportal 2.15.2.0 - Privilege Escalation

CVE-2025-64497 MEDIUM

Tuleap < 16.12-10, < 17.0.99.1762431347 - Unauthorized File Release System Information Access

CVE-2025-13748 MEDIUM

Fluent Forms <6.1.7 - Insecure Direct Object Reference

CVE-2025-66558 LOW

Nextcloud Twofactor WebAuthn <1.4.2, <2.4.1 - Info Disclosure

CVE-2025-66556 LOW

Nextcloud talk <20.1.8-21.1.2 - Info Disclosure

CVE-2025-66553 MEDIUM

Nextcloud Tables <0.8.7 & 0.9.4 - Info Disclosure

CVE-2025-66551 MEDIUM

Nextcloud Tables <0.8.6-0.9.3 - Privilege Escalation

CVE-2025-66513 MEDIUM

Nextcloud Tables <0.8.9, <0.9.6, <1.0.1 - Info Disclosure

Previous Page 26 of 72 Next

Details

Vulnerabilities 1,794

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy