Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,796 vulnerabilities with CWE-639

CVE-2024-13063 MEDIUM

Akinsoft MyRezzta <2.05.01 - Auth Bypass

CVE-2024-13175 MEDIUM

Vidco Software VOC TESTER <12.41.0 - Auth Bypass

CVE-2024-45329 MEDIUM

Fortinet FortiPortal <7.4.0 - Auth Bypass

CVE-2024-12767 LOW

buddyboss-platform < 2.7.60 - Authenticated Authorization Bypass via Private Post Comments

CVE-2024-52601 MEDIUM

iTop < 2.7.12 - Unauthorized Data Access via Unprotected Route

CVE-2024-8988 MEDIUM

PeepSo Core: File Uploads <6.4.6.0 - Info Disclosure

CVE-2024-13558 HIGH

NP Quote Request for WooCommerce <= 1.9.179 - Unauthenticated Insecure Direct Object Reference

CVE-2024-9617 MEDIUM

danswer-ai/danswer v0.3.94 - Info Disclosure

CVE-2024-8613 HIGH

gaizhenbiao/chuanhuchatgpt 20240802 - Info Disclosure

CVE-2024-7476 MEDIUM

lunary 1.2.7-1.4.2 - Authenticated Broken Access Control via Template Version Endpoint

CVE-2024-7040 MEDIUM

open-webui v0.3.8 - Authorization Bypass via User ID Parameter

CVE-2024-12880 MEDIUM

RAGFlow 0.13.0 - Authorization Bypass via Tenant ID Manipulation

CVE-2024-12048 HIGH

transformeroptimus/superagi <0.0.14 - Info Disclosure

CVE-2024-11300 MEDIUM

lunary < 1.6.3 - Unauthorized Access to Prompt Data via URL Manipulation

CVE-2024-11167 MEDIUM

librechat < 0.7.6 - Authenticated Prompt Deletion via GroupID Parameter

CVE-2024-11137 HIGH

lunary < 1.6.1 - Insecure Direct Object Reference in PATCH /v1/runs/:id/score Endpoint

CVE-2024-10366 MEDIUM

LibreChat 0.7.5-rc2 Attachments - Insecure Direct Object Reference

CVE-2024-13407 MEDIUM

Omnipress <= 1.5.4 - Authenticated Information Exposure via Megamenu Block

CVE-2024-11285 CRITICAL

Chimpgroup Jobcareer < 7.1 - IDOR

CVE-2024-11284 CRITICAL

Chimpgroup Jobcareer < 7.1 - IDOR

CVE-2024-53406 HIGH

Espressif ESP-IDF 5.3.0 - Authentication Bypass via Session Key Reuse

CVE-2024-13887 MEDIUM

WordPress - Insecure Direct Object Reference

CVE-2024-12114 MEDIUM

FooGallery < 2.4.30 - Authenticated Insecure Direct Object Reference via foogallery_attachment_modal_save AJAX Action

CVE-2024-11216 HIGH

PozitifIK Pik Online <3.1.5 - Privilege Escalation

CVE-2024-8261 HIGH

Proliz Software OBS <24.0927 - Auth Bypass

Previous Page 39 of 72 Next

Details

Vulnerabilities 1,796

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy