Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-05 | CVE-2022-42175 | Authorization Bypass Through User-Controlled Key vulnerability in Soluslabs Solusvm 4.1.2 Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization. | 8.8 |
2023-06-23 | CVE-2023-23679 | Authorization Bypass Through User-Controlled Key vulnerability in Jshelpdesk Authorization Bypass Through User-Controlled Key vulnerability in JS Help Desk js-support-ticket allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JS Help Desk: from n/a through 2.7.7. | 8.8 |
2023-06-20 | CVE-2023-26428 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Xchange Appsuite Backend Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. | 6.5 |
2023-06-14 | CVE-2023-34000 | Authorization Bypass Through User-Controlled Key vulnerability in Woocommerce Stripe Payment Gateway Unauth. | 7.5 |
2023-06-13 | CVE-2023-3048 | Authorization Bypass Through User-Controlled Key vulnerability in Tmtmakine Lockcell Firmware Authorization Bypass Through User-Controlled Key vulnerability in TMT Lockcell allows Authentication Abuse, Authentication Bypass.This issue affects Lockcell: before 15. | 9.8 |
2023-06-07 | CVE-2021-33223 | Authorization Bypass Through User-Controlled Key vulnerability in Seeddms 6.0.15 An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file. | 8.8 |
2023-06-06 | CVE-2023-0985 | Authorization Bypass Through User-Controlled Key vulnerability in Mbconnectline Mbconnect24 and Mymbconnect24 An Authorization Bypass vulnerability was found in MB Connect Lines mbCONNECT24, mymbCONNECT24 and Helmholz' myREX24 and myREX24.virtual version <= 2.13.3. An authenticated remote user with low privileges can change the password of any user in the same account. | 8.8 |
2023-06-05 | CVE-2023-33956 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard Kanboard is open source project management software that focuses on the Kanban methodology. | 6.5 |
2023-06-05 | CVE-2023-3066 | Authorization Bypass Through User-Controlled Key vulnerability in Mobatime Amxgt 100 Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20. | 8.1 |
2023-06-01 | CVE-2023-32310 | Authorization Bypass Through User-Controlled Key vulnerability in Dataease DataEase is an open source data visualization and analysis tool. | 8.1 |