Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,800 vulnerabilities with CWE-639

CVE-2024-9554 LOW

Sovell Smart Canteen System <3.0.7303.30513 - Auth Bypass

CVE-2024-47316 MEDIUM

Salon Booking System <10.9 - Auth Bypass

CVE-2024-47657 MEDIUM

Shilpi Net Back Office - Info Disclosure

CVE-2024-20513 MEDIUM

Cisco Meraki MX and Z Series - Unauthenticated Denial of Service via AnyConnect VPN Session Handler Brute Force

CVE-2024-9298 MEDIUM

SourceCodester Online Railway Reservation System 1.0 - Improper Access Control in Ticket Handler

CVE-2024-39319 MEDIUM

Aimeos Frontend Controller < 2020.10.15 - Insecure Direct Object Reference

CVE-2024-8290 HIGH

WCFM - Frontend Manager <6.7.12 - Insecure Direct Object Reference

CVE-2024-8485 CRITICAL

WordPress <4.7.1 - Privilege Escalation

CVE-2024-8791 CRITICAL

Charitable < 1.8.1.14 - Unauthenticated Privilege Escalation via update_core_user() ID Parameter

CVE-2024-45806 MEDIUM

Envoy < 1.28.7 - Authorization Bypass via RFC1918 Internal Address Trust

CVE-2024-45614 MEDIUM

Puma < 5.6.9 - Authorization Bypass via Underscore Header Clobbering

CVE-2024-46982 HIGH

Next.js 13.5.1-13.5.6 and 14.2.1-14.2.9 - Cache Poisoning via Crafted HTTP Request

CVE-2024-45606 HIGH

Sentry 23.4.0-24.9.0 - Authenticated Authorization Bypass via Alert Rule Mute

CVE-2024-45605 MEDIUM

Sentry 23.9.0-24.9.0 - Authenticated Authorization Bypass via User Alert Notification Deletion

CVE-2024-47047 HIGH

powermail < 7.5.0 and 7.5.0-7.5.1 - Unauthenticated Insecure Direct Object Reference via Mail Parameter

CVE-2024-6685 LOW

GitLab CE/EE <17.1.7-17.3.2 - Info Disclosure

CVE-2024-46937 HIGH

MFASOFT Secure Authentication Server 1.8.0-1.9.040924 - Unauthenticated Authorization Bypass via Token Brute-Force

CVE-2024-6087 MEDIUM

lunary < 1.4.9 - Unauthenticated Account Takeover via Invite Token Reuse

CVE-2024-25270 MEDIUM

Mirapolis LMS 4.6.XX - Info Disclosure

CVE-2024-3306 HIGH

SoliClub <4.4.0-5.2.1 - Auth Bypass

CVE-2024-3305 HIGH

SoliClub <4.4.0-5.2.1 - Auth Bypass

CVE-2024-27113 CRITICAL

SO Planning <1.52.02 - Unauthenticated Database Export Access Control Bypass

CVE-2024-45786 MEDIUM

Reedos aiM-Star 2.0.1 - Authenticated Authorization Bypass via API Parameter Manipulation

CVE-2024-45032 CRITICAL

Industrial Edge Management Pro/Virtual <V1.9.5-V2.3.1-1 - Auth Bypass

CVE-2024-8601 MEDIUM

TechExcel Back Office Software <1.0.0 - Info Disclosure

Previous Page 45 of 72 Next

Details

Vulnerabilities 1,800

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy