Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2023-10-09 CVE-2023-42455 Authorization Bypass Through User-Controlled Key vulnerability in Wazuh Wazuh-Dashboard and Wazuh-Kibana-App
Wazuh is a security detection, visibility, and compliance open source project.
network
low complexity
wazuh CWE-639
8.8
2023-10-05 CVE-2023-26237 Authorization Bypass Through User-Controlled Key vulnerability in Watchguard products
An issue was discovered in WatchGuard EPDR 8.0.21.0002.
local
low complexity
watchguard CWE-639
6.7
2023-10-03 CVE-2023-2544 Authorization Bypass Through User-Controlled Key vulnerability in UPV Peix
Authorization bypass vulnerability in UPV PEIX, affecting the component "pdf_curri_new.php".
network
low complexity
upv CWE-639
6.5
2023-10-03 CVE-2023-32669 Authorization Bypass Through User-Controlled Key vulnerability in Buddyboss 2.2.9
Authorization bypass vulnerability in BuddyBoss 2.2.9 version, the exploitation of which could allow an authenticated user to access and rename other users' albums.
network
low complexity
buddyboss CWE-639
5.4
2023-10-03 CVE-2023-4099 Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0
The QSige Monitor application does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so.
network
low complexity
qsige CWE-639
6.5
2023-10-03 CVE-2023-4101 Authorization Bypass Through User-Controlled Key vulnerability in Qsige 3.0.0.0
The QSige login SSO does not have an access control mechanism to verify whether the user requesting a resource has sufficient permissions to do so.
network
low complexity
qsige CWE-639
6.5
2023-09-28 CVE-2023-38872 Authorization Bypass Through User-Controlled Key vulnerability in Economizzer 0.9/April2023
An Insecure Direct Object Reference (IDOR) vulnerability in gugoan Economizzer commit 3730880 (April 2023) and v.0.9-beta1 allows any unauthenticated attacker to access cash book entry attachments of any other user, if they know the Id of the attachment.
network
high complexity
economizzer CWE-639
3.7
2023-09-27 CVE-2023-44154 Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 15
Sensitive information disclosure and manipulation due to improper authorization.
network
low complexity
acronis CWE-639
8.1
2023-09-27 CVE-2023-44205 Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 15
Sensitive information disclosure due to improper authorization.
network
low complexity
acronis CWE-639
5.3
2023-09-27 CVE-2023-44206 Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 15
Sensitive information disclosure and manipulation due to improper authorization.
network
low complexity
acronis CWE-639
critical
9.1