Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-04-10 | CVE-2024-1625 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary 0.3.0: An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. | 6.5 |
2024-04-09 | CVE-2024-1289 | Authorization Bypass Through User-Controlled Key vulnerability in Thimpress Learnpress: The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user-controlled key when looking up order information. | 5.4 |
2024-04-01 | CVE-2024-3139 | Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Computer Laboratory Management System 1.0: A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. | 5.4 |
2024-03-29 | CVE-2024-29020 | Authorization Bypass Through User-Controlled Key vulnerability in Fit2Cloud Jumpserver: JumpServer is an open source bastion host and an operation and maintenance security audit system. | 5.3 |
2024-03-29 | CVE-2024-29024 | Authorization Bypass Through User-Controlled Key vulnerability in Fit2Cloud Jumpserver: JumpServer is an open source bastion host and an operation and maintenance security audit system. An authenticated user can exploit the Insecure Direct Object Reference (IDOR) vulnerability in the file manager's bulk transfer by manipulating job IDs to upload malicious files, potentially compromising the integrity and security of the system. | 5.3 |
2024-03-13 | CVE-2023-6969 | Authorization Bypass Through User-Controlled Key vulnerability in Kylebjohnson User Shortcodes Plus: The User Shortcodes Plus plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the user_meta shortcode due to missing validation on a user-controlled key. | 4.3 |
2024-02-29 | CVE-2024-1470 | Authorization Bypass Through User-Controlled Key vulnerability in Netiq Client Login Extension 4.6: Authorization Bypass Through User-Controlled Key vulnerability in NetIQ (OpenText) Client Login Extension on Windows allows Privilege Escalation, Code Injection. This issue only affects NetIQ Client Login Extension: 4.6. | 7.8 |
2024-02-19 | CVE-2024-25983 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products: Insufficient checks in a web service made it possible to add comments to the comments block on another user's dashboard when it was not otherwise available (e.g., on their profile page). | 5.3 |
2024-02-13 | CVE-2023-49339 | Authorization Bypass Through User-Controlled Key vulnerability in Ellucian Banner: Ellucian Banner 9.17 allows Insecure Direct Object Reference (IDOR) via a modified bannerId to the /StudentSelfService/ssb/studentCard/retrieveData endpoint. | 6.5 |
2024-02-12 | CVE-2024-0421 | Authorization Bypass Through User-Controlled Key vulnerability in Mappresspro Mappress Maps for Wordpress: The MapPress Maps for WordPress plugin before 2.88.16 is affected by an IDOR as it does not ensure that posts to be retrieved via an AJAX action are public maps, allowing unauthenticated users to read arbitrary private and draft posts. | 5.3 |