Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,811 vulnerabilities with CWE-639

CVE-2024-43239 MEDIUM

Masteriyo - LMS <1.11.4 - Auth Bypass

CVE-2024-42464 MEDIUM

upKeeper Manager <5.1.9 - Auth Bypass

CVE-2024-42463 MEDIUM

upKeeper Manager <5.1.9 - Auth Bypass

CVE-2024-27730 CRITICAL

Friendica 2023.12 - Authorization Bypass and Remote Code Execution via Calendar Event cid Parameter

CVE-2024-6534 MEDIUM

Directus v10.13.0 - Privilege Escalation

CVE-2024-21981 MEDIUM

AMD Secure Processor - Info Disclosure

CVE-2024-39642 MEDIUM

ThimPress LearnPress <4.2.6.8.2 - Auth Bypass

CVE-2024-7658 MEDIUM

projectsend <r1605 - Info Disclosure

CVE-2024-3035 MEDIUM

GitLab 8.12-17.0.5, 17.1-17.1.3, 17.2-17.2.1 - Authorization Bypass via LFS Token

CVE-2024-6357 MEDIUM

OpenText ArcSight Intelligence - Info Disclosure

CVE-2024-7438 MEDIUM

SimpleMachines SMF 2.1.4 - Improper Control of Resource Identifiers

CVE-2024-7437 MEDIUM

SimpleMachines SMF 2.1.4 - Improper Control of Resource Identifiers

CVE-2024-41254 MEDIUM

litestream < 0.3.13 - Man-in-the-Middle Attack via Insecure SSH Host Key Verification

CVE-2024-38701 MEDIUM

Academy LMS < 2.0.4 - Authorization Bypass Through User-Controlled Key

CVE-2024-34457 MEDIUM

Apache StreamPark < 2.1.4 - Authorization Bypass via User Token

CVE-2024-5977 MEDIUM

GiveWP <= 3.13.0 - Authenticated IDOR via 'handleRequest'

CVE-2024-5619 CRITICAL

PruvaSoft Informatics Apinizer Mgmt Console <2024.05.1 - Auth Bypass

CVE-2024-38447 HIGH

NATO NCI ANET 3.4.1 - Info Disclosure

CVE-2024-38446 MEDIUM

NATO NCI ANET 3.4.1 - Privilege Escalation

CVE-2024-6410 MEDIUM

ProfileGrid <= 5.8.9 - Authenticated IDOR via pm_upload_image

CVE-2024-39901 MEDIUM

OpenSearch Observability < 2.14 - Authorization Bypass via Private Tenant Resource Access

CVE-2024-39900 MEDIUM

OpenSearch Observability < 2.14 - Authorization Bypass via Private Tenant Resource Access

CVE-2024-39897 MEDIUM

Zot <2.1.0 - Unauthorized Blob Read via Dedupe Cache

CVE-2024-21759 MEDIUM

FortiPortal 7.0.0-7.0.6 and 7.2.0 - Authorization Bypass via HTTP/HTTPS Requests

CVE-2024-4341 MEDIUM

Extreme XDS < 3928 - Authorization Bypass via User-Controlled Key

Previous Page 47 of 73 Next

Details

Vulnerabilities 1,811

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy