Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,796 vulnerabilities with CWE-639

CVE-2025-27561 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Authorization Bypass via Room Rename

CVE-2025-26857 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Authorization Bypass via Device Rename

CVE-2025-25276 MEDIUM

Growatt Cloud Portal <= 3.6.0 - Device Hijacking

CVE-2025-24850 MEDIUM

Growatt Cloud Portal <= 3.6.0 - Information Disclosure

CVE-2025-24315 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Authorization Bypass via Device Addition

CVE-2025-31949 MEDIUM

Growatt Cloud Portal < 3.6.0 - Authenticated Authorization Bypass via Plant ID

CVE-2025-31941 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Authorization Bypass via Username Enumeration

CVE-2025-31933 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Username Enumeration via API Query

CVE-2025-31357 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Authorization Bypass via Username

CVE-2025-30514 MEDIUM

Smart Device Collections - Info Disclosure

CVE-2025-30254 MEDIUM

Growatt Cloud Portal <= 3.6.0 - Information Disclosure

CVE-2025-27939 HIGH

Growatt Cloud Portal < 3.6.0 - Unauthenticated Account Takeover via Email Change

CVE-2025-27938 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Information Disclosure via User-Controlled Key

CVE-2025-27568 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Email Disclosure via Password Reset Request

CVE-2025-24487 MEDIUM

Growatt Cloud Portal < 3.6.0 - Unauthenticated Username Enumeration via API Query

CVE-2025-3575 HIGH

Deporsite >= 05.29.0907 < 05.29.0907 - Insecure Direct Object Reference via idUsuario Parameter

CVE-2025-3574 HIGH

Deporsite >=v05.29.0907 <v05.29.0907 - Insecure Direct Object Reference via idUsuario Parameter

CVE-2025-3537 MEDIUM

Tutorials-Website Employee Management System 1.0 - Improper Authorization via ID Parameter in /admin/update-user.php

CVE-2025-3536 MEDIUM

Tutorials-Website Employee Management System 1.0 - Improper Authorization in Delete User Function

CVE-2025-3292 MEDIUM

WordPress <4.1.3 - Insecure Direct Object Reference

CVE-2025-3282 MEDIUM

User Registration & Membership - Insecure Direct Object Reference

CVE-2025-32373 MEDIUM

Dnnsoftware Dotnetnuke < 9.13.8 - IDOR

CVE-2025-2526 HIGH

Streamit theme <4.0.2 - Privilege Escalation

CVE-2025-22931 HIGH

OS4ED openSIS 7.0-9.1 - Unauthenticated Insecure Direct Object Reference in Staff Files Component

CVE-2025-31867 MEDIUM

JoomSky JS Job Manager <2.0.2 - Auth Bypass

Previous Page 37 of 72 Next

Details

Vulnerabilities 1,796

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy