Vulnerabilities > Authorization Bypass Through User-Controlled Key

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2023-01-18 | CVE-2022-45927 | Authorization Bypass Through User-Controlled Key vulnerability in Opentext Extended ECM | An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | network | low | opentext | CWE-639 | 8.8 |
| 2023-01-17 | CVE-2022-40319 | Authorization Bypass Through User-Controlled Key vulnerability in Lsoft Listserv 17.0 | The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. | network | low | lsoft | CWE-639 | 7.5 |
| 2023-01-14 | CVE-2023-22471 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck | Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. | network | low | nextcloud | CWE-639 | 4.3 |
| 2023-01-09 | CVE-2022-3343 | Authorization Bypass Through User-Controlled Key vulnerability in 2Code Wpqa Builder 5.2/5.7/5.9 | The WPQA Builder WordPress plugin before 5.9.3 (which is a companion plugin used with Discy and Himer WordPress themes) incorrectly tries to validate that a user already follows another in the wpqa_following_you_ajax action, allowing a user to inflate their score on the site by having another user send repeated follow actions to them. | network | low | 2code | CWE-639 | 3.5 |
| 2023-01-02 | CVE-2022-4340 | Authorization Bypass Through User-Controlled Key vulnerability in Reputeinfosystems Bookingpress | The BookingPress WordPress plugin before 1.0.31 suffers from an Insecure Direct Object Reference (IDOR) vulnerability in its thank you page, allowing any visitor to display information about any booking, including full name, date, time and service booked, by manipulating the appointment_id query parameter. | network | low | reputeinfosystems | CWE-639 | 5.3 |
| 2023-01-02 | CVE-2022-4417 | Authorization Bypass Through User-Controlled Key vulnerability in Cerber WP Cerber Security, Anti-Spam & Malware Scan | The WP Cerber Security, Anti-spam & Malware Scan WordPress plugin before 9.3.3 does not properly block access to the REST API users endpoint when the blog is in a subdirectory, which could allow attackers to bypass the restriction in place and list users. | network | low | cerber | CWE-639 | 5.3 |
| 2022-12-28 | CVE-2022-4798 | Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. | | network | low | | CWE-639 | 5.3 |
| 2022-12-28 | CVE-2022-4799 | Improper Authentication in GitHub repository usememos/memos prior to 0.9.1. | | network | low | | CWE-639 | 6.5 |
| 2022-12-28 | CVE-2022-4802 | Improper Authorization in GitHub repository usememos/memos prior to 0.9.1. | | network | low | | CWE-639 | 5.4 |
| 2022-12-28 | CVE-2022-4803 | Improper Access Control in GitHub repository usememos/memos prior to 0.9.1. | | network | low | | CWE-639 | 8.8 |