Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2024-01-10 | CVE-2023-48783 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortiportal | An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting FortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access other organization endpoints via crafted GET requests. | 5.4 |
2024-01-09 | CVE-2023-49251 | Authorization Bypass Through User-Controlled Key vulnerability in Siemens Simatic CN 4100 2.5 | A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). | 9.8 |
2024-01-07 | CVE-2024-0264 | Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Clinic Queuing System 1.0 | A vulnerability was found in SourceCodester Clinic Queuing System 1.0. | 9.8 |
2024-01-05 | CVE-2023-51502 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Stripe 7.6.1 | Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway. This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. | 9.8 |
2024-01-03 | CVE-2023-50342 | Authorization Bypass Through User-Controlled Key vulnerability in Hcltech Dryice Myxalytics 5.9/6.0/6.1 | HCL DRYiCE MyXalytics is impacted by an Insecure Direct Object Reference (IDOR) vulnerability. | 4.3 |
2024-01-02 | CVE-2023-45892 | Authorization Bypass Through User-Controlled Key vulnerability in Floorsightsoftware Insight Q32023 | An issue discovered in the Order and Invoice pages in Floorsight Insights Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 7.5 |
2024-01-02 | CVE-2023-45893 | Authorization Bypass Through User-Controlled Key vulnerability in Floorsightsoftware Customer Portal Q32023 | An indirect Object Reference (IDOR) in the Order and Invoice pages in Floorsight Customer Portal Q3 2023 allows an unauthenticated remote attacker to view sensitive customer information. | 7.5 |
2023-12-31 | CVE-2023-51503 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woopayments | Authorization Bypass Through User-Controlled Key vulnerability in Automattic WooPayments – Fully Integrated Solution Built and Supported by Woo. This issue affects WooPayments – Fully Integrated Solution Built and Supported by Woo: from n/a through 6.9.2. | 7.5 |
2023-12-28 | CVE-2023-50267 | Authorization Bypass Through User-Controlled Key vulnerability in Metersphere | MeterSphere is a one-stop open source continuous testing platform. | 4.3 |
2023-12-21 | CVE-2023-46646 | Authorization Bypass Through User-Controlled Key vulnerability in Github Enterprise Server | Improper access control in all versions of GitHub Enterprise Server allows unauthorized users to view private repository names via the "Get a check run" API endpoint. | 5.3 |