Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,573 vulnerabilities with CWE-639

CVE-2025-20214 MEDIUM

Cisco IOS XE - Info Disclosure

CVE-2025-3853 MEDIUM

WPshop 2-2.6.0 - Insecure Direct Object Reference

CVE-2025-3281 MEDIUM

WordPress <4.2.1 - Insecure Direct Object Reference

CVE-2025-3610 HIGH

Reales WP STPT <2.1.2 - Privilege Escalation

CVE-2025-47226 MEDIUM

Grokability Snipe-IT <8.1.0 - Info Disclosure

CVE-2025-4210 HIGH

Casdoor <1.811.0 - Auth Bypass

CVE-2025-1327 MEDIUM

Favethemes Homey < 2.4.5 - IDOR

CVE-2025-3889 MEDIUM

Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart < 5.1.4 - IDOR

CVE-2025-3874 MEDIUM

Tipsandtricks-hq Wordpress Simple Paypal Shopping Cart < 5.1.4 - IDOR

CVE-2025-4119 MEDIUM

Weitong Mall - Improper Access Control

CVE-2025-3640 MEDIUM

Moodle < 4.1.18 - IDOR

CVE-2025-3636 MEDIUM

Moodle < 4.1.18 - IDOR

CVE-2025-3625 HIGH

Moodle < 4.3.12 - IDOR

CVE-2025-25777 HIGH

Codeastro Bus Ticket Booking System - IDOR

CVE-2025-1284 MEDIUM

WooCommerce Automatic Order Printing <4.1 - Insecure Direct Object ...

CVE-2025-42605 CRITICAL

Meon Bidding Solutions - Auth Bypass

CVE-2025-3519 HIGH

Unblu Spark - Auth Bypass

CVE-2025-39434 MEDIUM

Scott Taylor Avatar <0.1.4 - Auth Bypass

CVE-2025-31950 MEDIUM

Growatt Cloud Portal < 3.6.0 - IDOR

CVE-2025-31945 MEDIUM

Growatt Cloud Portal < 3.6.0 - IDOR

CVE-2025-31654 MEDIUM

Growatt Cloud Portal <= 3.6.0 - Information Disclosure

CVE-2025-31360 MEDIUM

Growatt Cloud Portal < 3.6.0 - IDOR

CVE-2025-31147 MEDIUM

Growatt Cloud Portal < 3.6.0 - IDOR

CVE-2025-30257 MEDIUM

Growatt Cloud Portal <= 3.6.0 - Information Disclosure

CVE-2025-27929 MEDIUM

Growatt Cloud Portal < 3.6.0 - IDOR

Previous Page 27 of 63 Next

Details

Vulnerabilities 1,573

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy