Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-03-24 | CVE-2023-24625 | Authorization Bypass Through User-Controlled Key vulnerability in Ladybirdweb Faveo Servicedesk 5.0.1 Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack. | 6.5 |
2023-03-24 | CVE-2023-28686 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. | 7.1 |
2023-03-23 | CVE-2023-28334 | Authorization Bypass Through User-Controlled Key vulnerability in Moodle Authenticated users were able to enumerate other users' names via the learning plans page. | 4.3 |
2023-03-21 | CVE-2023-1462 | Authorization Bypass Through User-Controlled Key vulnerability in Vadi Digikent Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20. | 8.8 |
2023-03-17 | CVE-2023-1463 | Authorization Bypass Through User-Controlled Key vulnerability in Teampass Authorization Bypass Through User-Controlled Key in GitHub repository nilsteampassnet/teampass prior to 3.0.0.23. | 5.4 |
2023-03-16 | CVE-2023-28109 | Authorization Bypass Through User-Controlled Key vulnerability in Play-With-Docker Play With Docker 0.0.1/0.0.2 Play With Docker is a browser-based Docker playground. | 6.5 |
2023-03-06 | CVE-2021-36400 | Authorization Bypass Through User-Controlled Key vulnerability in Moodle In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | 5.3 |
2023-03-03 | CVE-2023-25403 | Authorization Bypass Through User-Controlled Key vulnerability in Yf-Exam Project Yf-Exam 1.8.0 CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. | 7.5 |
2023-02-17 | CVE-2023-0882 | Authorization Bypass Through User-Controlled Key vulnerability in Krontech Single Connect 2.16 Improper Input Validation, Authorization Bypass Through User-Controlled Key vulnerability in Kron Tech Single Connect on Windows allows Privilege Abuse. This issue affects Single Connect: 2.16. | 8.8 |
2023-02-13 | CVE-2023-25160 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Mail Nextcloud Mail is an email app for the Nextcloud home server platform. | 5.3 |