Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-04 | CVE-2023-30216 | Authorization Bypass Through User-Controlled Key vulnerability in Newbee-Mall Project Newbee-Mall 1.0/20191023 Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. | 5.4 |
| 2023-05-04 | CVE-2023-30550 | Authorization Bypass Through User-Controlled Key vulnerability in Metersphere MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. | 4.5 |
| 2023-04-15 | CVE-2018-17449 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. | 7.5 |
| 2023-04-15 | CVE-2018-17455 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. | 7.5 |
| 2023-04-14 | CVE-2022-45175 | Authorization Bypass Through User-Controlled Key vulnerability in Liveboxcloud Vdesk An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 6.5 |
| 2023-04-05 | CVE-2023-0967 | Authorization Bypass Through User-Controlled Key vulnerability in Imaworldhealth Bhima 1.27.0 Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. | 6.5 |
| 2023-04-04 | CVE-2023-1749 | Authorization Bypass Through User-Controlled Key vulnerability in Getnexx products The listed versions of Nexx Smart Home devices lack proper access control when executing actions. | 6.5 |
| 2023-04-04 | CVE-2023-1750 | Authorization Bypass Through User-Controlled Key vulnerability in Getnexx products The listed versions of Nexx Smart Home devices lack proper access control when executing actions. | 7.1 |
| 2023-03-29 | CVE-2023-26984 | Authorization Bypass Through User-Controlled Key vulnerability in Peppermint 0.2.4 An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request. | 8.1 |
| 2023-03-24 | CVE-2023-24625 | Authorization Bypass Through User-Controlled Key vulnerability in Ladybirdweb Faveo Servicedesk 5.0.1 Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack. | 6.5 |