Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,796 vulnerabilities with CWE-639

CVE-2025-9081 LOW

Mattermost <10.5.8, <9.11.17 - Info Disclosure

CVE-2025-43803 MEDIUM

Liferay Digital Experience Platform - Insecure Direct Object Reference in Contacts Center Widget

CVE-2025-8532 MEDIUM

Bimser Solution Software Trade Inc. EBA Document and Workflow Manag...

CVE-2025-10719 MEDIUM

Tronclass < 1.74 - Insecure Direct Object Reference via Parameter Manipulation

CVE-2025-5948 CRITICAL

Service Finder Bookings <6.0 - Privilege Escalation

CVE-2025-10493 MEDIUM

Chained Quiz <1.3.4 - Insecure Direct Object Reference

CVE-2025-8463 MEDIUM

SecHard <3.6.2-20250805 - Auth Bypass

CVE-2025-8057 MEDIUM

Patika Global Technologies HumanSuite <53.21.0 - Auth Bypass

CVE-2025-7355 MEDIUM

Beefull App <24.07.2025 - Auth Bypass

CVE-2025-5518 MEDIUM

ArgusTech BILGER <2.4.6 - Auth Bypass

CVE-2025-43790 HIGH

Liferay Portal 7.4.0-7.4.3.124 and DXP 2024.Q1.1-2024.Q1.12 - Authenticated Insecure Direct Object Reference

CVE-2025-43782 MEDIUM

Liferay Portal 7.4.0-7.4.3.124 & DXP 2024.Q1.1-2024.Q1.12 - IDOR via Workflow Definition API

CVE-2025-59034 MEDIUM

Indico < 3.3.8 - Unauthenticated User Profile Information Disclosure via Legacy API

CVE-2025-7718 HIGH

Resideo Plugin <2.5.4 - Privilege Escalation

CVE-2025-7049 HIGH

WordPress Gym Management System <= 67.7.0 - Authenticated Privilege Escalation

CVE-2025-52389 HIGH

Envasadora H2O Eireli - Soda Cristal v40.20.4 - Info Disclosure

CVE-2025-9114 CRITICAL

Doccure theme <1.4.8 - Privilege Escalation

CVE-2025-58597 MEDIUM

Tomdever wpForo Forum <2.4.6 - Auth Bypass

CVE-2025-22422 HIGH

Android - Authorization Bypass via Misleading Authentication Prompt

CVE-2025-9836 MEDIUM

macrozheng mall < 1.0.3 - Authorization Bypass via Order ID Manipulation

CVE-2025-9835 MEDIUM

macrozheng mall < 1.0.3 - Authorization Bypass via Order Cancellation

CVE-2025-0670 MEDIUM

Akinsoft ProKuafor <1.02.08 - Auth Bypass

CVE-2025-56254 MEDIUM

PHPGurukul Employee Leave Management System 2.1 - Authenticated Insecure Direct Object Reference via leaveid Parameter

CVE-2025-0640 MEDIUM

Akinsoft OctoCloud <1.11.01 - Auth Bypass

CVE-2025-8447 LOW

GitHub Enterprise Server < 3.14.17 - Unauthorized Repository Code Access via Diff Functionality

Previous Page 32 of 72 Next

Details

Vulnerabilities 1,796

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy