Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,794 vulnerabilities with CWE-639

CVE-2025-58055 MEDIUM

Discourse < 3.5.1 - Authenticated Improper Access Control via AI Suggestion Endpoint Topic ID Manipulation

CVE-2025-59687 MEDIUM

IMPAQTR Aurora <1.36 - Info Disclosure

CVE-2025-56392 HIGH

Collegetivity 1.0.0 - Insecure Direct Object Reference via Dashboard Notes Endpoint

CVE-2025-43827 MEDIUM

Liferay Portal 7.4.0-7.4.3.117 & DXP 2024.Q1.1-2024.Q1.5 - IDOR via Audit Event ID

CVE-2025-41099 MEDIUM

BOLD Workplanner < 2.5.25 - Authenticated Insecure Direct Object Reference

CVE-2025-41098 HIGH

BOLD Workplanner < 2.5.25 - Insecure Direct Object Reference via General Enquiry Web Service

CVE-2025-41097 MEDIUM

BOLD Workplanner < 2.5.25 - Authenticated Insecure Direct Object Reference

CVE-2025-41096 MEDIUM

BOLD Workplanner < 2.5.25 - Authenticated Insecure Direct Object Reference

CVE-2025-41095 MEDIUM

BOLD Workplanner < 2.5.25 - Authenticated Insecure Direct Object Reference

CVE-2025-41094 MEDIUM

BOLD Workplanner < 2.5.25 - Authenticated Insecure Direct Object Reference

CVE-2025-41093 MEDIUM

BOLD Workplanner < 2.5.25 - Authenticated Insecure Direct Object Reference

CVE-2025-41092 MEDIUM

BOLD Workplanner < 2.5.25 - Authenticated Insecure Direct Object Reference

CVE-2025-41091 MEDIUM

BOLD Workplanner < 2.5.25 - Authenticated Insecure Direct Object Reference via Calendar Identifier

CVE-2025-55795 LOW

openml/openml.org v2.0.20241110 - Open Redirect

CVE-2025-10947 MEDIUM

Sistemas Pleno Gestão de Locação <2025.7.x - Auth Bypass

CVE-2025-9342 MEDIUM

AHE Mobile 1.9.7-1.9.8 - Authorization Bypass Through User-Controlled Key

CVE-2025-7106 MEDIUM

librechat < 0.7.9 - Improper Access Control in checkAccess Function

CVE-2025-43810 MEDIUM

Liferay DXP 2023.Q3.1-2023.Q3.10 - Authenticated IDOR via Commerce Order Notes

CVE-2025-59562 MEDIUM

Academy LMS <= 3.3.4 - Authorization Bypass Through User-Controlled Key

CVE-2025-58012 LOW

Alex Content Mask <1.8.5.2 - Auth Bypass

CVE-2025-57994 MEDIUM

Sayful Islam Upcoming Events Lists <1.4.0 - Auth Bypass

CVE-2025-0875 MEDIUM

OBS (Student Affairs Information System) < v26.0328 - Authorization Bypass via Parameter Injection

CVE-2025-10759 MEDIUM

Webkul QloApps < 1.7.0 - Authorization Bypass via CSRF Token Manipulation

CVE-2025-9081 LOW

Mattermost <10.5.8, <9.11.17 - Info Disclosure

CVE-2025-43803 MEDIUM

Liferay Digital Experience Platform - Insecure Direct Object Reference in Contacts Center Widget

Previous Page 31 of 72 Next

Details

Vulnerabilities 1,794

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy