Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,796 vulnerabilities with CWE-639

CVE-2025-53944 HIGH

autogpt_platform <= v0.6.15 - Authenticated Authorization Bypass via graph_exec_id Parameter

CVE-2025-53357 MEDIUM

GLPI <10.0.18 - Privilege Escalation

CVE-2025-52448 HIGH

Tableau Server < 2023.3.19 - Authorization Bypass via validate-initial-sql API

CVE-2025-52447 HIGH

Tableau Server < 2023.3.19 - Authorization Bypass via set-initial-sql tabdoc Command

CVE-2025-52446 HIGH

Tableau Server < 2025.1.3, < 2024.2.12, < 2023.3.19 - Authorization Bypass via User-Controlled Key

CVE-2025-51479 MEDIUM

Onyx Enterprise Edition 0.27.0 - Auth Bypass

CVE-2025-51865 HIGH

Ai2 Playground <2025-06-03 - Info Disclosure

CVE-2025-51867 MEDIUM

Deepfiction AI - Insecure Direct Object Reference via /browse/stories Endpoint

CVE-2025-34140 HIGH

ETQ Reliance CG < SE.2025.1/2025.1.2 & NXG < SE.2025.1/2025.1.2 - Unauthenticated Authorization Bypass

CVE-2025-7900 MEDIUM

TYPO3 femanager <6.4.1, 7.0.0-7.5.2, 8.0.0-8.3.0 - Info Disclosure

CVE-2025-7899 MEDIUM

Powermail <13.0.0 - Info Disclosure

CVE-2025-7947 MEDIUM

jshERP < 3.5 - Improper Authorization via Account Handler ID Parameter

CVE-2025-7938 MEDIUM

Jerryshensjf JPACookieShop 1.0 - Auth Bypass

CVE-2025-51869 HIGH

Liner <2025-06-03 - Info Disclosure

CVE-2025-51868 HIGH

Dippy v2 - Insecure Direct Object Reference via conversation_id Parameter

CVE-2025-4129 HIGH

PAVO Pay < 13.05.2025 - Authorization Bypass Through User-Controlled Key

CVE-2025-4040 HIGH

Turbak Automatic Station Monitoring System <5.0.6.51 - Privilege Es...

CVE-2025-2301 MEDIUM

Akbim Software Online Exam Registration <14.03.2025 - Auth Bypass

CVE-2025-5681 MEDIUM

Turtek Software Eyotek <23.06.2025 - Auth Bypass

CVE-2025-1469 HIGH

Turtek Software Eyotek <11.03.2025 - Auth Bypass

CVE-2025-53640 MEDIUM

Indico 2.2-3.3.6 - Unauthenticated User Information Disclosure via User Detail Endpoint

CVE-2025-4855 CRITICAL

Schiocco Support Board <= 3.8.0 - Unauthenticated Authorization Bypass via Hardcoded Default Secrets

CVE-2025-6942 LOW

Secret Server <11.7.49 - Privilege Escalation

CVE-2025-6765 MEDIUM

Intelbras InControl 2.21.60.9 - Incorrect Privilege Assignment via /v1/operador/ HTTP PUT Request

CVE-2025-49135 MEDIUM

CVAT 2.2.0-2.39.0 - Unauthorized Data Access via Backup Import Filename Manipulation

Previous Page 34 of 72 Next

Details

Vulnerabilities 1,796

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy