Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,794 vulnerabilities with CWE-639

CVE-2025-12919 LOW

evershop < 2.0.1 - Authorization Bypass via Order UUID Manipulation

CVE-2025-12918 LOW

yungifez Skuul School Management System <2.6.5 - Info Disclosure

CVE-2025-12353 MEDIUM

WPFunnels <3.6.2 - Unauthorized Registration

CVE-2025-11748 MEDIUM

Groups plugin for WordPress <3.7.0 - Insecure Direct Object Reference

CVE-2025-64431 HIGH

Zitadel 4.0.0-rc.1-4.6.2 - Authenticated Insecure Direct Object Reference via V2Beta API

CVE-2025-12854 LOW

newbee-mall-plus <2.4.1 - Auth Bypass

CVE-2025-58627 CRITICAL

Miraculous Core Plugin < 2.0.9 - Auth Bypass

CVE-2025-63248 HIGH

DWSurvey 6.14.0 - Privilege Escalation

CVE-2025-11690 HIGH

CFMOTO RIDE - Unauthorized Data Access via VehicleID Parameter

CVE-2025-0987 CRITICAL

CB Project Ltd. Co. CVLand <20251103 - Auth Bypass

CVE-2025-12623 LOW

fushengqian fuint <41e26be8a2c609413a0feaa69bdad33a71ae8032 - Auth ...

CVE-2025-6574 HIGH

Service Finder Bookings <6.1 - Privilege Escalation

CVE-2025-5949 HIGH

Service Finder Bookings <6.0 - Privilege Escalation

CVE-2025-61876 MEDIUM

Inforcer Platform <2.0.153 - Info Disclosure

CVE-2025-64283 MEDIUM

Rometheme RTMKit <1.6.7 - Auth Bypass

CVE-2025-12351 MEDIUM

Honeywell S35 Series Cameras - Privilege Escalation

CVE-2025-12288 MEDIUM

Bdtask Pharmacy Management System < 9.4 - Improper Authorization in User Profile Handler

CVE-2025-12283 MEDIUM

code-projects Client Details System 1.0 - Improper Authorization

CVE-2025-12270 MEDIUM

LearnHouse <98dfad76aad70711a8113f6c1fdabfccf10509ca - Info Disclosure

CVE-2025-34293 HIGH

GN4 Publishing System <2.6 - Info Disclosure

CVE-2025-11957 HIGH

Devolutions Server < 2025.2.14.0 - Authenticated Authorization Bypass via Temporary Access Workflow

CVE-2025-49952 MEDIUM

Houzez <= 4.2.5 - Authorization Bypass via User-Controlled Key

CVE-2025-6833 MEDIUM

All in One Time Clock Lite - WordPress <2.0 - Insecure Direct Objec...

CVE-2025-10570 MEDIUM

WooCommerce Flexible Refund Return Order <1.0.38 - Auth Bypass

CVE-2025-60511 MEDIUM

Moodle OpenAI Chat Block plugin 3.0.1 - IDOR

Previous Page 29 of 72 Next

Details

Vulnerabilities 1,794

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy