Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,811 vulnerabilities with CWE-639

CVE-2024-39321 HIGH

Traefik < 2.11.6, 3.0.0-beta3-3.0.4 - IP Allow-List Bypass via HTTP/3 Early Data

CVE-2024-39223 CRITICAL

gost 2.11.5 - Authentication Bypass via SSH HostKeyCallback Misconfiguration

CVE-2024-31898 MEDIUM

IBM InfoSphere Information Server 11.7 - Auth Bypass

CVE-2024-5942 MEDIUM

Page and Post Clone <= 6.0 - Authenticated Insecure Direct Object Reference via 'content_clone' Function

CVE-2024-1107 CRITICAL

Talya Informatics Travel APPS <v17.0.68 - Auth Bypass

CVE-2024-4874 MEDIUM

Bricks Builder < 1.9.8 - Authenticated Insecure Direct Object Reference via postId Parameter

CVE-2024-5639 MEDIUM

WordPress <2.6.1 - Insecure Direct Object Reference

CVE-2024-4873 MEDIUM

WordPress Replace Image <1.1.10 - Insecure Direct Object Reference

CVE-2024-37889 MEDIUM

myfinances < 0.4.6 - Authorization Bypass via User-Controlled Key

CVE-2024-33373 MEDIUM

LB-LINK BL-W1210M v2.0 - Authorization Bypass via Password Policy Bypass

CVE-2024-2472 CRITICAL

LatePoint Plugin <4.9.9 - Info Disclosure

CVE-2024-29181 LOW

Strapi < 4.19.1 - Authorization Bypass in Content Manager Plugin

CVE-2024-5438 MEDIUM

Tutor LMS < 2.7.1 - Authenticated Insecure Direct Object Reference via Quiz Attempt Deletion

CVE-2024-5131 MEDIUM

lunary-ai/lunary <1.2.2 - Info Disclosure

CVE-2024-5130 HIGH

lunary-ai/lunary <1.2.8 - Auth Bypass

CVE-2024-5128 HIGH

lunary-ai/lunary <1.2.2 - Info Disclosure

CVE-2024-36399 HIGH

kanboard < 1.2.37 - Improper Access Control in ProjectPermissionController

CVE-2024-4886 MEDIUM

BuddyBoss Platform < 2.6.00 - Insecure Direct Object Reference via Post ID Manipulation

CVE-2024-4750 MEDIUM

BuddyBoss Platform < 2.6.0 - Authorization Bypass via Private Post Like Request

CVE-2024-4274 MEDIUM

WordPress Essential Real Estate <4.4.2 - Info Disclosure

CVE-2024-32045 MEDIUM

Mattermost <9.5.4, <9.6.2, <8.1.13 - Privilege Escalation

CVE-2024-5258 MEDIUM

GitLab 16.10-16.10.5, 16.11-16.11.2, 17.0 - Authenticated Authorization Bypass via Pipeline Naming Convention

CVE-2024-5166 MEDIUM

Google Cloud's Looker - Info Disclosure

CVE-2024-4154 MEDIUM

lunary < 1.2.26 - Unauthenticated Project Renaming via PATCH Request

CVE-2024-4151 HIGH

lunary < 1.2.25 - Unauthenticated Authorization Bypass via Template Version Request Handling

Previous Page 48 of 73 Next

Details

Vulnerabilities 1,811

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy