Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,573 vulnerabilities with CWE-639

CVE-2025-4855 CRITICAL

Schiocco Support Board < 3.8.1 - IDOR

CVE-2025-6942 LOW

Secret Server <11.7.49 - Privilege Escalation

CVE-2025-6765 MEDIUM

Intelbras Incontrol Web - IDOR

CVE-2025-49135 MEDIUM

Cvat Computer Vision Annotation Tool < 2.40.0 - IDOR

CVE-2025-50693 MEDIUM

PHPGurukul Online DJ Booking Management System 2.0 - IDOR

CVE-2025-3091 HIGH

Helmholz myREX24 and MB connect line mbCONNECT24/mymbCONNECT24 - Authentication Bypass

CVE-2025-6534 MEDIUM

xxyopen/201206030 novel-plus <5.1.3 - Improper Control of Resource ...

CVE-2025-49995 MEDIUM

dFactory Download Attachments <1.3.1 - Auth Bypass

CVE-2025-49978 MEDIUM

eyecix JobSearch <2.9.0 - Auth Bypass

CVE-2025-6329 MEDIUM

ScriptAndTools Real Estate Management System 1.0 - Auth Bypass

CVE-2025-5195 MEDIUM

Gitlab < 17.10.7 - IDOR

CVE-2025-40661 HIGH

ACC DM Corporative Cms < 2025.01 - IDOR

CVE-2025-40660 HIGH

ACC DM Corporative Cms < 2025.01 - IDOR

CVE-2025-40659 HIGH

ACC DM Corporative Cms < 2025.01 - IDOR

CVE-2025-40658 HIGH

ACC DM Corporative Cms < 2025.01 - IDOR

CVE-2025-4691 MEDIUM

Free Booking Plugin - Insecure Direct Object Reference

CVE-2025-40650 HIGH

Clickedu - Info Disclosure

CVE-2025-5182 MEDIUM

Summerpearlgroup Vacation Rental Mana... - Improper Authorization

CVE-2025-5181 LOW

Summerpearlgroup Vacation Rental Management Platform - Code Injection

CVE-2025-20114 MEDIUM

Cisco Unified Intelligence Center - Privilege Escalation

CVE-2025-24969 MEDIUM

iTop <3.2.1 - Info Disclosure

CVE-2025-3769 MEDIUM

LatePoint - Calendar Booking Plugin - Info Disclosure

CVE-2025-3605 CRITICAL

Frontend Login & Registration Blocks <1.0.7 - Privilege Escalation

CVE-2025-3811 CRITICAL

Iqonic Wpbookit < 1.0.3 - IDOR

CVE-2025-3810 CRITICAL

Iqonic Wpbookit < 1.0.3 - IDOR

Previous Page 26 of 63 Next

Details

Vulnerabilities 1,573

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy