Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-09-20 | CVE-2023-42334 | Authorization Bypass Through User-Controlled Key vulnerability in Fl3Xx Crew and Dispatch An Indirect Object Reference (IDOR) in Fl3xx Dispatch 2.10.37 and fl3xx Crew 2.10.37 allows a remote attacker to escalate privileges via the user parameter. | 6.5 |
| 2023-09-06 | CVE-2020-10130 | Authorization Bypass Through User-Controlled Key vulnerability in Searchblox SearchBlox before Version 9.1 is vulnerable to business logic bypass where the user is able to create multiple super admin users in the system. | 8.8 |
| 2023-09-04 | CVE-2023-4587 | Authorization Bypass Through User-Controlled Key vulnerability in Zkteco Zem800 Firmware 6.60 An IDOR vulnerability has been found in ZKTeco ZEM800 product affecting version 6.60. | 5.5 |
| 2023-08-14 | CVE-2023-28481 | Authorization Bypass Through User-Controlled Key vulnerability in Tigergraph 3.7.0 An issue was discovered in Tigergraph Enterprise 3.7.0. | 8.8 |
| 2023-08-10 | CVE-2023-37543 | Authorization Bypass Through User-Controlled Key vulnerability in Cacti Cacti before 1.2.6 allows IDOR (Insecure Direct Object Reference) for accessing any graph via a modified local_graph_id parameter to graph_xport.php. | 7.5 |
| 2023-07-13 | CVE-2023-2190 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. | 6.5 |
| 2023-07-10 | CVE-2023-3219 | Authorization Bypass Through User-Controlled Key vulnerability in Myeventon Eventon The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post. | 5.3 |
| 2023-07-06 | CVE-2023-37242 | Authorization Bypass Through User-Controlled Key vulnerability in Huawei Emui and Harmonyos Vulnerability of commands from the modem being intercepted in the atcmdserver module. | 9.8 |
| 2023-07-05 | CVE-2022-42175 | Authorization Bypass Through User-Controlled Key vulnerability in Soluslabs Solusvm 4.1.2 Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization. | 8.8 |
| 2023-06-20 | CVE-2023-26428 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Xchange Appsuite Backend Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. | 6.5 |