Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-639

CWE-639

High likelihood

Authorization Bypass Through User-Controlled Key

Parent: CWE-863 - Incorrect Authorization

The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.

1,571 vulnerabilities with CWE-639

CVE-2026-1947 HIGH

NEX-Forms WordPress Plugin <=9.1.9 - Insecure Direct Object Reference

CVE-2026-1883 MEDIUM

Wicked Folders <4.1.0 - Insecure Direct Object Reference

CVE-2026-3999 HIGH

Broken access control vulnerability affecting ID Server

CVE-2026-2888 MEDIUM

Formidable Forms WordPress Plugin <=6.28 - Auth Bypass

CVE-2026-2879 MEDIUM

GetGenie WordPress Plugin <=4.3.2 - Insecure Direct Object Reference

CVE-2026-2257 MEDIUM

GetGenie WordPress Plugin <=4.3.2 - Stored XSS

CVE-2026-1704 MEDIUM

Appointment Booking Calendar <1.6.9.29 - Insecure Direct Object Reference

CVE-2026-2366 LOW

Keycloak - Auth Bypass

CVE-2026-32131 HIGH

ZITADEL <3.4.8/4.12.2 - Info Disclosure

CVE-2026-27591 CRITICAL

Winter CMS <1.0.477/1.1.12/1.2.12 - Privilege Escalation

CVE-2026-32104 MEDIUM

StudioCMS <0.4.3 - Privilege Escalation

CVE-2026-32103 MEDIUM

StudioCMS <0.4.3 - Privilege Escalation

CVE-2026-32097 HIGH

PingPong <7.27.2 - Path Traversal

CVE-2026-31874 CRITICAL

Taskosaur 1.0.0 - Privilege Escalation

CVE-2026-31867 MEDIUM

Craft Commerce <4.11.0/5.6.0 - IDOR

CVE-2026-1992 HIGH

ExactMetrics 8.6.0-9.0.2 - Auth Bypass

CVE-2026-2918 MEDIUM

Happy Addons for Elementor <3.21.0 - Privilege Escalation

CVE-2026-2917 MEDIUM

Happy Addons for Elementor <3.21.0 - IDOR

CVE-2026-1753 MEDIUM

Gutena Forms <1.6.1 - Privilege Escalation

CVE-2026-3453 HIGH

ProfilePress <=4.16.11 - Insecure Direct Object Reference

CVE-2026-31832 MEDIUM

Umbraco 14.0.0-16.5.0/17.0.0-17.2.1 - Privilege Escalation

CVE-2026-31820 MEDIUM

CVE-2026-30954 MEDIUM

LinkAce <=2.1.0 - Privilege Escalation

CVE-2026-3306 MEDIUM

GitHub Enterprise Server - Privilege Escalation

CVE-2026-30969 CRITICAL

Coral Server <1.1.0 - Auth Bypass

Previous Page 8 of 63 Next

Details

Vulnerabilities 1,571

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy