Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,796 vulnerabilities with CWE-639

CVE-2025-31833 MEDIUM

themeglow JobBoard <1.2.7 - Auth Bypass

CVE-2025-30777 MEDIUM

PalsCode Support Genix <1.4.11 - Auth Bypass

CVE-2025-1667 HIGH

WPSchoolPress <= 2.2.16 - Authenticated Privilege Escalation via wpsp_UpdateTeacher Function

CVE-2025-2271 HIGH

Issuetrak <17.2.2 - Info Disclosure

CVE-2025-28874 MEDIUM

BP Email Assign Templates <= 1.7 - Authorization Bypass via User-Controlled Key

CVE-2025-27436 MEDIUM

SAP S/4HANA Manage Bank Statements - Authenticated Authorization Bypass

CVE-2025-27433 MEDIUM

SAP S/4HANA Manage Bank Statements - Authenticated Authorization Bypass via File Upload

CVE-2025-26660 MEDIUM

SAP Fiori apps (Posting Library) - Authorization Bypass via Inadequate Security Configuration

CVE-2025-2125 MEDIUM

Control iD RH iD 25.2.25.0 - Improper Control of Resource Identifiers

CVE-2025-0337 MEDIUM

ServiceNow Now Platform < Washington DC Patch 9, < Xanadu Patch 4, < Yokohama - Authenticated Authorization Bypass

CVE-2025-27507 CRITICAL

Zitadel Admin API - LDAP Configuration Insecure Direct Object Reference

CVE-2025-25952 MEDIUM

Academia Student Information System EagleR 1.0.118 - Authorization Bypass via getStudemtAllDetailsById API

CVE-2025-26977 LOW

Filebird <= 6.4.2.1 - Authorization Bypass via User-Controlled Key

CVE-2025-26965 MEDIUM

Amelia <= 1.2.16 - Insecure Direct Object Reference

CVE-2025-1607 MEDIUM

Best Employee Management System 1.0 - Authorization Bypass via Salary Slip ID Parameter

CVE-2025-25282 HIGH

RAGFlow 0.13.0-0.14.1 - Authenticated Cross-Tenant Access via IDOR

CVE-2025-0352 HIGH

Rapid Response Monitoring My Security Account App - Info Disclosure

CVE-2025-26788 HIGH

StrongKey FIDO Server <4.15.1 - RCE

CVE-2025-1270 CRITICAL

Anapi Group h6web - Authenticated Authorization Bypass via pkrelated Parameter Manipulation

CVE-2025-0661 MEDIUM

DethemeKit For Elementor <2.36 - Info Disclosure

CVE-2025-24976 MEDIUM

Registry 3.0.0-beta.1-3.0.0-rc.2 - Command Injection

CVE-2025-22695 MEDIUM

Nirweb support <= 3.0.3 - Authorization Bypass Through User-Controlled Key

CVE-2025-22608 MEDIUM

Coolify < 4.0.0-beta.361 - Authenticated Denial of Service via Team Invitation Revocation

CVE-2025-0058 MEDIUM

SAP Basis - Authenticated Information Disclosure via Parameter Manipulation

CVE-2024-56143 HIGH

Strapi 5.0.0-5.5.1 - Unauthenticated Private Field Exposure via Lookup Operator

Previous Page 38 of 72 Next

Details

Vulnerabilities 1,796

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy