CWE-639
High likelihoodAuthorization Bypass Through User-Controlled Key
The system's authorization functionality does not prevent one user from gaining access to another user's data or record by modifying the key value identifying the data.
1,571 vulnerabilities with CWE-639
CVE-2026-30959
MEDIUM
OneUptime - Auth Bypass
CVSS 5.0
CVE-2026-30945
HIGH
StudioCMS <0.4.0 - Privilege Escalation
CVSS 7.1
CVE-2026-30944
HIGH
StudioCMS <0.4.0 - Privilege Escalation
CVSS 8.8
CVE-2026-30927
MEDIUM
Admidio <5.0.6 - Privilege Escalation
CVSS 5.4
CVE-2026-30920
HIGH
OneUptime <10.0.19 - Auth Bypass
CVSS 8.6
CVE-2026-30885
MEDIUM
WWBN AVideo <25.0 - Info Disclosure
CVSS 5.3
CVE-2026-28433
MEDIUM
Misskey 10.93.0-2026.3.0 - Auth Bypass
CVSS 4.3
CVE-2026-30857
MEDIUM
WeKnora <0.3.0 - Auth Bypass
CVSS 5.3
CVE-2026-30825
NONE
Hoppscotch <2026.2.1 - Privilege Escalation
CVE-2026-30823
HIGH
Flowise <3.0.13 - IDOR
CVSS 8.8
CVE-2026-30231
MEDIUM
Flare <1.7.2 - Auth Bypass
CVSS 5.3
CVE-2026-30230
HIGH
Flare <1.7.2 - Auth Bypass
CVSS 7.5
CVE-2026-30843
MEDIUM
Wekan 8.32-8.33 - IDOR
CVSS 6.5
CVE-2026-25877
MEDIUM
Chartbrew <4.8.1 - Privilege Escalation
CVSS 6.5
CVE-2026-28469
HIGH
OpenClaw <2026.2.14 - Auth Bypass
CVSS 7.5
CVE-2026-27898
MEDIUM
Vaultwarden <1.35.4 - Info Disclosure
CVSS 5.4
CVE-2026-29069
MEDIUM
Craft CMS <5.9.0-beta.2/4.17.0-beta.2 - Auth Bypass
CVSS 5.3
CVE-2026-28782
MEDIUM
Craft CMS <5.9.0-beta.1/4.17.0-beta.1 - Privilege Escalation
CVSS 4.3
CVE-2026-28781
MEDIUM
Craft CMS <4.17.0-beta.1/5.9.0-beta.1 - Privilege Escalation
CVSS 6.5
CVE-2026-28696
HIGH
Craft CMS <4.17.0-beta.1/5.9.0-beta.1 - Info Disclosure
CVSS 7.5
CVE-2026-0020
HIGH
ParsedPermissionUtils - Privilege Escalation
CVSS 8.4
CVE-2026-28361
MEDIUM
NocoDB <0.301.3 - Privilege Escalation
CVSS 6.3
CVE-2026-28354
MEDIUM
ClipBucket <5.5.3 #59 - Privilege Escalation
CVSS 6.5
CVE-2026-27793
MEDIUM
Seerr <3.1.0 - Info Disclosure
CVSS 6.5
CVE-2026-25147
HIGH
OpenEMR <8.0.0 - Auth Bypass
CVSS 7.1
Details
Vulnerabilities
1,571
Exploit Likelihood
High