Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,794 vulnerabilities with CWE-639

CVE-2025-52670 MEDIUM

Revive Adserver < 5.5.2 - Authorization Bypass via Banner Deletion

CVE-2025-65034 HIGH

rallly < 4.5.4 - Authenticated Authorization Bypass via PollId Parameter

CVE-2025-65033 HIGH

rallly < 4.5.4 - Authenticated Authorization Bypass in Poll Management

CVE-2025-65032 MEDIUM

rallly < 4.5.4 - Authenticated Insecure Direct Object Reference via ParticipantId Parameter

CVE-2025-65031 MEDIUM

rallly < 4.5.4 - Authenticated User Impersonation via Comment AuthorName Field

CVE-2025-65030 HIGH

rallly < 4.5.4 - Authenticated Authorization Bypass via Comment Deletion API

CVE-2025-65029 HIGH

rallly < 4.5.4 - Authenticated Insecure Direct Object Reference in Participant Deletion Endpoint

CVE-2025-65028 MEDIUM

rallly < 4.5.4 - Authenticated Insecure Direct Object Reference via ParticipantId Parameter

CVE-2025-65021 CRITICAL

rallly < 4.5.4 - Authenticated Insecure Direct Object Reference via Poll Finalization

CVE-2025-65020 MEDIUM

rallly < 4.5.4 - Authenticated Insecure Direct Object Reference via Poll Duplication Endpoint

CVE-2025-12766 MEDIUM

BlackBerry AtHoc OnPrem <7.21 - Info Disclosure

CVE-2025-12427 MEDIUM

YITH WooCommerce Wishlist <4.10.0 - Info Disclosure

CVE-2025-63513 MEDIUM

kishan0725 Hospital Management System v4 - Info Disclosure

CVE-2025-12524 MEDIUM

Post Type Switcher <4.0.0 - Insecure Direct Object Reference

CVE-2025-63291 MEDIUM

Alteryx Server 2022.1.1.42654-2024.1 - Info Disclosure

CVE-2025-8855 HIGH

Optimus Software Brokerage Automation <1.1.71 - Auth Bypass

CVE-2025-64706 MEDIUM

typebot 3.9.0-3.12.9 - Authenticated Insecure Direct Object Reference in API Token Management

CVE-2025-41069 MEDIUM

T-Innova DeporSite DSuite 2025 >=v02.14.1115 <v02.14.1115 - Authorization Bypass via idUsuario Parameter

CVE-2025-12366 MEDIUM

Pagelayer <2.0.5 - Insecure Direct Object Reference

CVE-2025-64523 HIGH

filebrowser < 2.45.1 - Authenticated Insecure Direct Object Reference in Share Deletion

CVE-2025-12903 HIGH

Braintree For WooCommerce <3.2.78 - Auth Bypass

CVE-2025-12833 MEDIUM

GeoDirectory - WP Business Directory Plugin <2.8.139 - Insecure Dir...

CVE-2025-12087 MEDIUM

Woocommerce plugin <1.1.22 - Insecure Direct Object Reference

CVE-2025-12126 MEDIUM

The Total Book Project plugin - Insecure Direct Object Reference

CVE-2025-11532 MEDIUM

Wisly plugin - Insecure Direct Object Reference

Previous Page 28 of 72 Next

Details

Vulnerabilities 1,794

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy