Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,827 vulnerabilities with CWE-639

CVE-2022-4811 HIGH

usememos/memos <0.9.1 - Auth Bypass

CVE-2022-4806 MEDIUM

GitHub usememos/memos <0.9.1 - Auth Bypass

CVE-2022-4803 HIGH

usememos/memos <0.9.1 - Auth Bypass

CVE-2022-4802 MEDIUM

GitHub usememos/memos <0.9.1 - Auth Bypass

CVE-2022-4799 MEDIUM

memos < 0.9.1 - Authorization Bypass Through User-Controlled Key

CVE-2022-4798 MEDIUM

memos < 0.9.1 - Authorization Bypass Through User-Controlled Key

CVE-2022-46179 CRITICAL

LiuOS <= 0.1.0 - Authentication Bypass via GITHUB_ACTIONS Environment Variable

CVE-2022-4686 CRITICAL

GitHub repository usememos/memos <0.9.0 - Auth Bypass

CVE-2022-3805 HIGH

Jeg Elementor Kit <2.5.6 - Auth Bypass

CVE-2022-3794 MEDIUM

Jeg Elementor Kit <2.5.6 - Auth Bypass

CVE-2022-31683 MEDIUM

Concourse 6.0.0-6.7.8 and 7.0.0-7.8.2 - Authorization Bypass via Team Name Parameter

CVE-2022-3876 MEDIUM

Click Studios Passwordstate - Auth Bypass

CVE-2022-4505 HIGH

OpenEMR < 7.0.0.2 - Authorization Bypass Through User-Controlled Key

CVE-2022-4097 MEDIUM

All-In-One Security (AIOS) <5.0.8 - Open Redirect

CVE-2022-38765 MEDIUM

Canon Medical Informatics Vitrea Vision <7.7.76.1 - Privilege Escal...

CVE-2022-2808 HIGH

Algan Software Prens <2.1.11 - ORM Injection

CVE-2022-3995 MEDIUM

TeraWallet <= 1.4.3 - Authenticated Insecure Direct Object Reference via lock_unlock_terawallet AJAX Action

CVE-2022-43326 HIGH

Telos Alliance Omnia MPX Node <1.4 - IDOR

CVE-2022-24187 HIGH

Ourphoto App 1.4.1 - Info Disclosure

CVE-2022-3589 HIGH

Miele AppWash - Authorization Bypass via API Endpoint

CVE-2022-43492 MEDIUM

Comments - wpDiscuz 7.4.2 - Authenticated Insecure Direct Object Reference

CVE-2022-44005 MEDIUM

BACKCLICK Professional 5.9.63 - Info Disclosure

CVE-2022-42129 MEDIUM

Liferay Portal 7.3.2-7.4.3.4 & DXP 7.3-7.4 GA - IDOR via Dynamic Data Mapping Form Instance Record ID

CVE-2022-3413 MEDIUM

GitLab 14.5-15.3.5 15.4-15.4.4 15.5-15.5.2 - Authorization Bypass in Audit Events Display

CVE-2022-40206 MEDIUM

wpForo Forum <= 2.0.5 - Insecure Direct Object Reference in Post Privacy Setting

Previous Page 60 of 74 Next

Details

Vulnerabilities 1,827

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy