Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,796 vulnerabilities with CWE-639

CVE-2025-47226 MEDIUM

Grokability Snipe-IT <8.1.0 - Info Disclosure

CVE-2025-4210 HIGH

Casdoor < 1.812.0 - Authorization Bypass via SCIM User Creation Endpoint

CVE-2025-1327 MEDIUM

Homey < 2.4.4 - Authenticated Insecure Direct Object Reference via homey_delete_user_account Action

CVE-2025-3889 MEDIUM

WordPress Simple Shopping Cart <= 5.1.3 - Unauthenticated Insecure Direct Object Reference via process_payment_data

CVE-2025-3874 MEDIUM

WordPress Simple Shopping Cart <= 5.1.3 - Unauthenticated Insecure Direct Object Reference via User-Controlled Key

CVE-2025-4119 MEDIUM

Weitong Mall 1.0.0 - Improper Access Control in Product Statistics Handler

CVE-2025-3640 MEDIUM

Moodle < 4.1.18 - Authorization Bypass via Insufficient Capability Checks

CVE-2025-3636 MEDIUM

Moodle < 4.1.18 - Authorization Bypass via RSS Feed Access

CVE-2025-3625 HIGH

Moodle 4.3.0-4.3.11 - Authorization Bypass via Two-Factor Authentication

CVE-2025-25777 HIGH

Codeastro Bus Ticket Booking System 1.0 - Unauthenticated Insecure Direct Object Reference via User ID Parameter

CVE-2025-1284 MEDIUM

WooCommerce Automatic Order Printing <4.1 - Insecure Direct Object ...

CVE-2025-42605 CRITICAL

Meon Bidding Solutions - Auth Bypass

CVE-2025-3519 HIGH

Unblu Spark 8.0.0-8.12.1 and >=8.13.1 - Authorization Bypass via File ID Reuse

CVE-2025-39434 MEDIUM

Scott Taylor Avatar <0.1.4 - Auth Bypass

CVE-2025-31950 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Authorization Bypass

CVE-2025-31945 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Authorization Bypass

CVE-2025-31654 MEDIUM

Growatt Cloud Portal <= 3.6.0 - Information Disclosure

CVE-2025-31360 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Authorization Bypass via Scene Device Actions

CVE-2025-31147 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Information Disclosure via EV Charger Energy Query

CVE-2025-30257 MEDIUM

Growatt Cloud Portal <= 3.6.0 - Information Disclosure

CVE-2025-27929 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated User Enumeration

CVE-2025-27927 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Device List Exposure via API

CVE-2025-27719 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Authorization Bypass via API Endpoint

CVE-2025-27575 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Information Disclosure via Charger ID

CVE-2025-27565 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Authorization Bypass via Room Deletion

Previous Page 36 of 72 Next

Details

Vulnerabilities 1,796

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy