Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,574 vulnerabilities with CWE-639

CVE-2025-3282 MEDIUM

User Registration & Membership - Insecure Direct Object Reference

CVE-2025-32373 MEDIUM

Dnnsoftware Dotnetnuke < 9.13.8 - IDOR

CVE-2025-2526 HIGH

Streamit theme <4.0.2 - Privilege Escalation

CVE-2025-22931 HIGH

Os4ed Opensis < 9.1 - IDOR

CVE-2025-31867 MEDIUM

JoomSky JS Job Manager <2.0.2 - Auth Bypass

CVE-2025-31833 MEDIUM

themeglow JobBoard <1.2.7 - Auth Bypass

CVE-2025-30777 MEDIUM

PalsCode Support Genix <1.4.11 - Auth Bypass

CVE-2025-1667 HIGH

Igexsolutions Wpschoolpress < 2.2.16 - Missing Authorization

CVE-2025-2271 HIGH

Issuetrak <17.2.2 - Info Disclosure

CVE-2025-28874 MEDIUM

Shanebp BP Email Assign Templates < 1.8 - IDOR

CVE-2025-27436 MEDIUM

SAP S/4HANA - Privilege Escalation

CVE-2025-27433 MEDIUM

SAP S/4HANA - Auth Bypass

CVE-2025-26660 MEDIUM

SAP Fiori - Auth Bypass

CVE-2025-2125 MEDIUM

Control iD RH iD 25.2.25.0 - Improper Control of Resource Identifiers

CVE-2025-0337 MEDIUM

ServiceNow - Auth Bypass

CVE-2025-27507 CRITICAL

CVE-2025-25952 MEDIUM

Serosoft Academia Student Information System - IDOR

CVE-2025-26977 LOW

Ninjateam Filebird < 6.4.6 - IDOR

CVE-2025-26965 MEDIUM

Amelia <1.2.16 - Auth Bypass

CVE-2025-1607 MEDIUM

Mayurik Best Employee Management System - Improper Authorization

CVE-2025-25282 HIGH

RAGFlow - Privilege Escalation

CVE-2025-0352 HIGH

Rapid Response Monitoring My Security Account App - Info Disclosure

CVE-2025-26788 HIGH

StrongKey FIDO Server <4.15.1 - RCE

CVE-2025-1270 CRITICAL

Anapi Group's h6web - SSRF

CVE-2025-0661 MEDIUM

DethemeKit For Elementor <2.36 - Info Disclosure

Previous Page 29 of 63 Next

Details

Vulnerabilities 1,574

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy