Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,822 vulnerabilities with CWE-639

CVE-2023-28109 MEDIUM

Play With Docker <= 0.0.2 - Authorization Bypass via CORS Misconfiguration

CVE-2023-25403 HIGH

yf-exam 1.8.0 - Authentication Bypass via Fixed JWT Key

CVE-2023-0882 HIGH

Kron Tech Single Connect < 2.16.1 - Authorization Bypass Through User-Controlled Key

CVE-2023-25160 MEDIUM

Nextcloud Mail < 1.11.8 - Unauthenticated Email Metadata Exposure via Mailbox ID

CVE-2023-0558 HIGH

ContentStudio plugin <1.2.5 - Auth Bypass

CVE-2023-0550 HIGH

Quick Restaurant Menu <2.0.2 - Privilege Escalation

CVE-2023-22471 LOW

Nextcloud Deck < 1.6.5 - Authorization Bypass via Attachment Deletion

CVE-2022-3459 MEDIUM

WooCommerce Multiple Free Gift <= 1.2.3 - Unauthenticated Gift Manipulation via Missing Server-Side Checks

CVE-2022-43450 MEDIUM

XWP Stream < 3.9.2 - Authorization Bypass Through User-Controlled Key

CVE-2022-24401 HIGH

midnightblue tetra - Authorization Bypass Through User-Controlled Key via Keystream Reuse

CVE-2022-24400 HIGH

midnightblue tetra - Authorization Bypass via Predictable MS Challenge RAND2

CVE-2022-42175 HIGH

SolusVM 1 4.1.2 - Insecure Direct Object Reference in WHMCS Module

CVE-2022-48505 MEDIUM

macOS < 13.0 - Unauthorized File System Modification

CVE-2022-36247 CRITICAL

Shop Beat Media Player <3.2.57 - Open Redirect

CVE-2022-48313 MEDIUM

Huawei EMUI and HarmonyOS - Bluetooth Pairing Authorization Bypass

CVE-2022-45175 MEDIUM

LIVEBOX Collaboration vDesk < 018 - Unauthenticated Insecure Direct Object Reference via OnlyOffice WebSocket Endpoint

CVE-2022-34138 HIGH

Biltema IP and Baby Camera Software <v124 - Info Disclosure

CVE-2022-45927 HIGH

OpenText Extended ECM 20.4-22.3 - Unauthenticated Remote Code Execution via QDS Endpoint

CVE-2022-40319 HIGH

LISTSERV 17 - Unauthenticated Account Modification via IDOR in wa.exe Email Parameter

CVE-2022-4812 MEDIUM

GitHub repository usememos/memos <0.9.1 - Auth Bypass

CVE-2022-4811 HIGH

usememos/memos <0.9.1 - Auth Bypass

CVE-2022-4806 MEDIUM

GitHub usememos/memos <0.9.1 - Auth Bypass

CVE-2022-4803 HIGH

usememos/memos <0.9.1 - Auth Bypass

CVE-2022-4802 MEDIUM

GitHub usememos/memos <0.9.1 - Auth Bypass

CVE-2022-4799 MEDIUM

memos < 0.9.1 - Authorization Bypass Through User-Controlled Key

Previous Page 59 of 73 Next

Details

Vulnerabilities 1,822

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy