Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,794 vulnerabilities with CWE-639

CVE-2025-8884 MEDIUM

VHS Electronic Software Ltd. Co. ACE Center <3.10.161.2255 - Privil...

CVE-2025-11741 MEDIUM

WPC Smart Quick View <4.2.5 - Info Disclosure

CVE-2025-11519 MEDIUM

Optimole <4.1.0 - Insecure Direct Object Reference

CVE-2025-11517 HIGH

WordPress Event Tickets & Registration <5.26.5 - Auth Bypass

CVE-2025-11895 MEDIUM

Binary MLM Plan <3.0 - Info Disclosure

CVE-2025-9559 MEDIUM

Pega Platform <Infinity - Info Disclosure

CVE-2025-41020 HIGH

Sergestec Exito 8.0 - Authorization Bypass via ID Parameter in Ticket Admin Endpoint

CVE-2025-10742 CRITICAL

Truelysell Core <1.8.6 - Privilege Escalation

CVE-2025-11176 MEDIUM

Quick Featured Images <13.7.2 - Insecure Direct Object Reference

CVE-2025-40773 LOW

SiPass integrated < 3.00 - Authorization Bypass via Insufficient Server-Side Checks

CVE-2025-62252 MEDIUM

Liferay Portal 7.4.0-7.4.3.111 & DXP 2023.Q4.0-2023.Q4.5 IDOR via UsersAdminPortlet

CVE-2025-62242 MEDIUM

Liferay Portal 7.4.3.4-7.4.3.111 & DXP 2023.Q4.0-2023.Q4.5, 2023.Q3.1-2023.Q3.8, 7.4 GA-92 - IDOR via Account Address

CVE-2025-62241 MEDIUM

Liferay DXP 2023.Q4.1-2023.Q4.5 - Authenticated Insecure Direct Object Reference via Commerce Order ID Parameter

CVE-2025-62244 MEDIUM

Liferay Portal 7.3.1-7.4.3.111 & DXP 2023.Q3.1-2023.Q3.8 - IDOR via Publications Portlet

CVE-2025-9902 HIGH

AKIN Software Computer Import Export Industry and Trade Co. Ltd. QR...

CVE-2025-31997 MEDIUM

HCL Unica Centralized Offer Management < 25.1.0.1 - Insecure Direct Object Reference

CVE-2025-11518 MEDIUM

WPC Smart Wishlist <5.0.3 - Insecure Direct Object Reference

CVE-2025-8887 MEDIUM

Usta Information Systems Inc. Aybs Interaktif - Info Disclosure

CVE-2025-61779 HIGH

Confidential Containers Trustee <0.15.0 - Auth Bypass

CVE-2025-6038 HIGH

Lisfinity Core - Privilege Escalation

CVE-2025-43724 MEDIUM

Dell PowerScale OneFS < 9.12.0.0 - Authorization Bypass via User-Controlled Key

CVE-2025-40676 MEDIUM

BBMRI-ERIC Negotiator < 3.15.5 - Insecure Direct Object Reference via UserID Parameter

CVE-2025-0606 MEDIUM

Logo Cloud < 0.67 - Authorization Bypass via User-Controlled Key

CVE-2025-11321 MEDIUM

zhuimengshaonian wisdom-education <1.0.4 - Auth Bypass

CVE-2025-0642 MEDIUM

PosCube Hardware Software and Consulting Ltd. Co. Assist <10.02.202...

Previous Page 30 of 72 Next

Details

Vulnerabilities 1,794

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy