Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-01-18 | CVE-2022-45927 | Authorization Bypass Through User-Controlled Key vulnerability in Opentext Extended ECM. An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 8.8 |
2023-01-17 | CVE-2022-40319 | Authorization Bypass Through User-Controlled Key vulnerability in Lsoft Listserv 17.0. The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. | 7.5 |
2023-01-14 | CVE-2023-22471 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck. Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. | 4.3 |
2023-01-09 | CVE-2022-3343 | Authorization Bypass Through User-Controlled Key vulnerability in 2Code Wpqa Builder 5.2/5.7/5.9. The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. | 3.5 |
2023-01-02 | CVE-2022-4340 | Authorization Bypass Through User-Controlled Key vulnerability in Reputeinfosystems Bookingpress. The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank-you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter. | 5.3 |
2023-01-02 | CVE-2022-4417 | Authorization Bypass Through User-Controlled Key vulnerability in Cerber WP Cerber Security, Anti-Spam & Malware Scan. The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users. | 5.3 |
2022-12-28 | CVE-2022-4798 | Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. | 5.3 |
2022-12-28 | CVE-2022-4799 | Improper Authentication in GitHub repository usememos/memos prior to 0.9.1. | 6.5 |
2022-12-28 | CVE-2022-4802 | Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. | 5.4 |
2022-12-28 | CVE-2022-4803 | Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | 8.8 |