Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,794 vulnerabilities with CWE-639

CVE-2025-66547 MEDIUM

Nextcloud Server <31.0.1 - Info Disclosure

CVE-2025-66546 LOW

Nextcloud Calendar <4.7.19, 5.5.6, 6.0.1 - Info Disclosure

CVE-2025-13932 HIGH

SolisCloud Monitoring Platform - Authenticated Insecure Direct Object Reference via Plant ID Parameter

CVE-2025-12997 LOW

Medtronic CareLink Network <Dec 4, 2025 - Info Disclosure

CVE-2025-61148 MEDIUM

edupluscampus 3.0.1 - Authenticated Insecure Direct Object Reference via 'rec_no' Parameter

CVE-2025-65097 MEDIUM

RomM <4.4.1-4.4.1-beta.2 - Privilege Escalation

CVE-2025-65096 MEDIUM

RomM <4.4.1-4.4.1-beta.2 - Info Disclosure

CVE-2025-13109 MEDIUM

HUSKY - Products Filter Professional <1.3.7.2 - Info Disclosure

CVE-2025-12954 LOW

MotoPress WordPress <2.4.16 - Info Disclosure

CVE-2025-41086 MEDIUM

GAMS < 48.7.0 - Unauthenticated Authorization Bypass via Insecure License Checksum

CVE-2025-66306 MEDIUM

Grav <1.8.0-beta.27 - Info Disclosure

CVE-2025-13615 CRITICAL

StreamTube Core <4.78 - Privilege Escalation

CVE-2025-13768 HIGH

Uniong WebITR < 2.1.0.34 - Authenticated Authentication Bypass via User ID Parameter

CVE-2025-13157 MEDIUM

QODE Wishlist <1.2.7 - Info Disclosure

CVE-2025-65670 MEDIUM

classroomio <0.1.13 - Info Disclosure

CVE-2025-65672 HIGH

classroomio <0.1.13 - Info Disclosure

CVE-2025-65647 MEDIUM

PHPGURUKUL Online Shopping Portal 2.1 - Insecure Direct Object Reference in Track Order Function

CVE-2025-64067 MEDIUM

Primakon Pi Portal 1.0.18 - Authorization Bypass via ID Manipulation and Filter Omission

CVE-2025-13452 MEDIUM

WooCommerce: OrderConvo <14 - Missing Authorization

CVE-2025-13389 MEDIUM

WooCommerce: OrderConvo <14 - Info Disclosure

CVE-2025-13382 MEDIUM

Frontend File Manager Plugin <23.4 - Insecure Direct Object Reference

CVE-2025-12040 MEDIUM

WooCommerce Wishlist <1.0.9 - Insecure Direct Object Reference

CVE-2025-10039 MEDIUM

Elula Wsdesk < 3.3.0 - IDOR

CVE-2025-12881 MEDIUM

WooCommerce <4.5.5 - Insecure Direct Object Reference

CVE-2025-12086 MEDIUM

Return Refund & Exchange For WooCommerce <4.5.5 - Insecure Direct O...

Previous Page 27 of 72 Next

Details

Vulnerabilities 1,794

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy