Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,800 vulnerabilities with CWE-639

CVE-2024-10868 MEDIUM

Enter Addons - Ultimate Template Builder for Elementor <= 2.1.9 - Information Exposure via Advanced Tabs Widget

CVE-2024-50395 HIGH

QNAP Media Streaming add-on 500.1.1.0-500.1.1.5 - Authorization Bypass via User-Controlled Key

CVE-2024-10666 MEDIUM

Easy Twitter Feed - Twitter feeds plugin for WP <= 1.2.6 - Authenticated Information Exposure via [etf] Shortcode

CVE-2024-10796 MEDIUM

If-So Dynamic Content Personalization <1.9.2.1 - Info Disclosure

CVE-2024-10782 MEDIUM

Theme Builder For Elementor <1.2.2 - Info Disclosure

CVE-2024-10696 MEDIUM

UltraAddons - Elementor Addons < 1.1.8 - Authenticated Insecure Direct Object Reference via show_template

CVE-2024-10671 MEDIUM

Button Block < 1.1.5 - Authenticated Information Exposure via [btn_block] Shortcode

CVE-2024-48899 MEDIUM

Moodle 4.4.0-4.4.3 - Improper Access Control in Course Badge Listing

CVE-2024-10855 HIGH

Sirv < 7.3.0 - Authenticated Arbitrary Option Deletion via sirv_upload_file_by_chunks

CVE-2024-11318 HIGH

AbsysNet 2.3.1 - Unauthenticated Session Hijacking via Brute-Force Attack on /cgi-bin/ocap/ Endpoint

CVE-2024-10795 MEDIUM

Popularis Extra <1.2.7 - Info Disclosure

CVE-2024-52511 MEDIUM

Nextcloud Tables 0.6.0-0.7.9 - Authorization Bypass via Direct Table ID Specification

CVE-2024-52507 LOW

Nextcloud Tables 0.3.0-0.8.0 - Authorization Bypass via Shared Table Permissions

CVE-2024-50651 MEDIUM

java_shop 1.0 - Unauthenticated Incorrect Access Control via ID Parameter

CVE-2024-10794 MEDIUM

Boostify Header Footer Builder - Info Disclosure

CVE-2024-10174 HIGH

WP Project Manager <2.6.13 - Insecure Direct Object Reference

CVE-2024-10778 MEDIUM

BuddyPress Builder for Elementor - BuddyBuilder <= 1.7.4 - Authenticated Information Exposure

CVE-2024-10695 MEDIUM

Futurio Extra <= 2.0.13 - Authenticated Information Exposure via Elementor-Template Shortcode

CVE-2024-11073 MEDIUM

Hospital Management System 1.0 - Unauthenticated IDOR via Patient ID

CVE-2024-10688 MEDIUM

Attesa Extra <1.4.2 - Info Disclosure

CVE-2024-10770 MEDIUM

Envo Extra <= 1.9.3 - Authenticated Information Exposure via Elementor Template Shortcode

CVE-2024-10669 MEDIUM

WordPress Countdown Timer <1.2.4 - Info Disclosure

CVE-2024-10667 MEDIUM

WordPress Content Slider Block <3.1.5 - Info Disclosure

CVE-2024-10693 MEDIUM

SKT Addons for Elementor <= 3.3 - Authenticated Information Exposure via Unfold Widget

CVE-2024-9262 MEDIUM

User Meta - User Profile Builder <3.1 - Insecure Direct Object Refe...

Previous Page 43 of 72 Next

Details

Vulnerabilities 1,800

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy