Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-20 | CVE-2023-41796 | Authorization Bypass Through User-Controlled Key vulnerability in Sunshinephotocart Sunshine Photo Cart. Authorization Bypass Through User-Controlled Key vulnerability in WP Sunshine Sunshine Photo Cart: Free Client Galleries for Photographers. This issue affects Sunshine Photo Cart: Free Client Galleries for Photographers: from n/a before 3.0.0. | 6.5 |
2023-12-20 | CVE-2023-46311 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpdiscuz. Authorization Bypass Through User-Controlled Key vulnerability in gVectors Team Comments – wpDiscuz. This issue affects Comments – wpDiscuz: from n/a through 7.6.3. | 6.5 |
2023-12-19 | CVE-2023-6929 | Authorization Bypass Through User-Controlled Key vulnerability in Eurotel Etl3100 Firmware 01C01/01X37. EuroTel ETL3100 versions v01c01 and v01x37 are vulnerable to insecure direct object references that occur when the application provides direct access to objects based on user-supplied input. | 9.8 |
2023-12-19 | CVE-2022-43450 | Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. Authorization Bypass Through User-Controlled Key vulnerability in XWP Stream. This issue affects Stream: from n/a through 3.9.2. | 6.5 |
2023-12-19 | CVE-2023-49812 | Authorization Bypass Through User-Controlled Key vulnerability in Wppa WP Photo Album Plus. Authorization Bypass Through User-Controlled Key vulnerability in J.N. | 7.5 |
2023-12-12 | CVE-2023-46701 | Authorization Bypass Through User-Controlled Key vulnerability in Mattermost Server. Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin allowing an attacker to get limited information about a post if they know the post ID | 5.3 |
2023-12-12 | CVE-2023-48641 | Authorization Bypass Through User-Controlled Key vulnerability in Archerirm Archer. Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. | 8.8 |
2023-11-30 | CVE-2023-6341 | Authorization Bypass Through User-Controlled Key vulnerability in Catalisgov Cms360. Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. | 5.3 |
2023-11-28 | CVE-2023-6226 | Authorization Bypass Through User-Controlled Key vulnerability in Getshortcodes Shortcodes Ultimate. The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user controlled keys 'key' and 'post_id'. | 4.3 |
2023-11-24 | CVE-2023-49298 | Authorization Bypass Through User-Controlled Key vulnerability in Openzfs. OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. | 7.5 |