Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-05-20 | CVE-2024-4151 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. | 8.1 |
| 2024-05-16 | CVE-2024-4279 | Authorization Bypass Through User-Controlled Key vulnerability in Themeum Tutor LMS The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to Insecure Direct Object Reference to Arbitrary Course Deletion in versions up to, and including, 2.7.0 via the 'tutor_course_delete' function due to missing validation on a user controlled key. | 6.5 |
| 2024-05-14 | CVE-2024-4817 | Authorization Bypass Through User-Controlled Key vulnerability in Campcodes Online Laundry Management System 1.0 A vulnerability has been found in Campcodes Online Laundry Management System 1.0 and classified as critical. | 8.8 |
| 2024-05-14 | CVE-2024-4819 | Authorization Bypass Through User-Controlled Key vulnerability in Campcodes Online Laundry Management System 1.0 A vulnerability was found in Campcodes Online Laundry Management System 1.0. | 8.8 |
| 2024-04-16 | CVE-2024-1626 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary repository, version 0.3.0, within the project update endpoint. | 8.1 |
| 2024-04-15 | CVE-2023-45808 | Authorization Bypass Through User-Controlled Key vulnerability in Combodo Itop iTop is an IT service management platform. | 5.4 |
| 2024-04-10 | CVE-2024-1625 | Authorization Bypass Through User-Controlled Key vulnerability in Lunary 0.3.0 An Insecure Direct Object Reference (IDOR) vulnerability exists in the lunary-ai/lunary application version 0.3.0, allowing unauthorized deletion of any organization's project. | 6.5 |
| 2024-04-09 | CVE-2024-1289 | Authorization Bypass Through User-Controlled Key vulnerability in Thimpress Learnpress The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.6.3 due to missing validation on a user controlled key when looking up order information. | 5.4 |
| 2024-04-01 | CVE-2024-3139 | Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Computer Laboratory Management System 1.0 A vulnerability, which was classified as critical, has been found in SourceCodester Computer Laboratory Management System 1.0. | 5.4 |
| 2024-03-29 | CVE-2024-29020 | Authorization Bypass Through User-Controlled Key vulnerability in Fit2Cloud Jumpserver JumpServer is an open source bastion host and an operation and maintenance security audit system. | 5.3 |