CWE-639
High likelihood
Authorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,574 vulnerabilities with CWE-639
CVE-2025-24976
MEDIUM
Registry 3.0.0-beta.1-3.0.0-rc.2 - Command Injection
CVE-2025-22695
MEDIUM
NirWeb <3.0.3 - Auth Bypass
CVSS 4.3
CVE-2025-22608
MEDIUM
Coollabs Coolify < 4.0.0 - Missing Authorization
CVSS 6.5
CVE-2025-0058
MEDIUM
SAP - Info Disclosure
CVSS 6.5
CVE-2024-56143
HIGH
Strapi < 5.5.2 - IDOR
CVSS 8.2
CVE-2024-13063
MEDIUM
Akinsoft MyRezzta <2.05.01 - Auth Bypass
CVSS 6.8
CVE-2024-13175
MEDIUM
Vidco Software VOC TESTER <12.41.0 - Auth Bypass
CVSS 5.5
CVE-2024-45329
MEDIUM
Fortinet FortiPortal <7.4.0 - Auth Bypass
CVSS 4.3
CVE-2024-12767
LOW
Buddyboss Platform < 2.7.60 - IDOR
CVSS 3.5
CVE-2024-52601
MEDIUM
Combodo Itop < 2.7.12 - IDOR
CVSS 6.5
CVE-2024-8988
MEDIUM
PeepSo Core: File Uploads <6.4.6.0 - Info Disclosure
CVSS 5.3
CVE-2024-13558
HIGH
Neahplugins NP Quote Request For Woocommerce < 1.9.180 - IDOR
CVSS 7.5
CVE-2024-9617
MEDIUM
danswer-ai/danswer v0.3.94 - Info Disclosure
CVSS 6.5
CVE-2024-8613
HIGH
gaizhenbiao/chuanhuchatgpt 20240802 - Info Disclosure
CVSS 8.8
CVE-2024-7476
MEDIUM
Lunary < 1.4.3 - IDOR
CVSS 4.3
CVE-2024-7040
MEDIUM
Openwebui Open Webui - IDOR
CVSS 4.9
CVE-2024-12880
MEDIUM
Infiniflow Ragflow - IDOR
CVSS 6.5
CVE-2024-12048
HIGH
transformeroptimus/superagi <0.0.14 - Info Disclosure
CVSS 8.8
CVE-2024-11300
MEDIUM
Lunary <1.6.3 - Info Disclosure
CVSS 6.5
CVE-2024-11167
MEDIUM
Librechat < 0.7.6 - IDOR
CVSS 5.3
CVE-2024-11137
HIGH
Lunary < 1.6.1 - IDOR
CVSS 7.5
CVE-2024-10366
MEDIUM
Librechat - IDOR
CVSS 6.5
CVE-2024-13407
MEDIUM
Omnipress plugin - Info Disclosure
CVSS 4.3
CVE-2024-11285
CRITICAL
Chimpgroup Jobcareer < 7.1 - IDOR
CVSS 9.8
CVE-2024-11284
CRITICAL
Chimpgroup Jobcareer < 7.1 - IDOR
CVSS 9.8
Details
Vulnerabilities: 1,574
Exploit Likelihood: High