Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE | CVE | VULNERABILITY TITLE | RISK

2022-11-29 | CVE-2022-43326 | Authorization Bypass Through User-Controlled Key vulnerability in Telosalliance Omnia MPX Node Firmware 1.0.0/1.4.9
An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords.
network | low complexity | telosalliance CWE-639 | 7.5

2022-11-28 | CVE-2022-24187 | Authorization Bypass Through User-Controlled Key vulnerability in Sz-Fujia Ourphoto 1.4.1
The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities.
network | low complexity | sz-fujia CWE-639 | 7.5

2022-11-21 | CVE-2022-3589 | Authorization Bypass Through User-Controlled Key vulnerability in Miele Appwash
An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass.
network | low complexity | miele CWE-639 | 8.1

2022-11-18 | CVE-2022-43492 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpdiscuz 7.4.2
Auth.
network | low complexity | gvectors CWE-639 | 8.8

2022-11-16 | CVE-2022-44005 | Authorization Bypass Through User-Controlled Key vulnerability in Backclick 5.9.63
An issue was discovered in BACKCLICK Professional 5.9.63.
network | low complexity | backclick CWE-639 | 5.3

2022-11-15 | CVE-2022-42129 | Authorization Bypass Through User-Controlled Key vulnerability in Liferay Digital Experience Platform and Liferay Portal
An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter.
network | low complexity | liferay CWE-639 | 4.3

2022-11-10 | CVE-2022-3413 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
Incorrect authorization during display of Audit Events in GitLab EE affecting all versions from 14.5 prior to 15.3.5, 15.4 prior to 15.4.4, and 15.5 prior to 15.5.2, allowed Developers to view the project's Audit Events and Developers or Maintainers to view the group's Audit Events.
network | low complexity | gitlab CWE-639 | 4.3

2022-11-08 | CVE-2022-40205 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as solved/unsolved.
network | low complexity | gvectors CWE-639 | 4.3

2022-11-08 | CVE-2022-40206 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpforo Forum
Insecure direct object references (IDOR) vulnerability in the wpForo Forum plugin <= 2.0.5 on WordPress allows attackers with subscriber or higher user roles to mark any forum post as private/public.
network | low complexity | gvectors CWE-639 | 4.3

2022-11-03 | CVE-2021-36906 | Authorization Bypass Through User-Controlled Key vulnerability in Expresstech Quiz and Survey Master
Multiple Insecure Direct Object References (IDOR) vulnerabilities in ExpressTech Quiz And Survey Master plugin <= 7.3.6 on WordPress.
network | low complexity | expresstech CWE-639 | 8.8