Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-18 | CVE-2024-0580 | Authorization Bypass Through User-Controlled Key vulnerability in Idmsistemas Sinergia 2.0 Omission of user-controlled key authorization in the IDMSistemas platform, affecting the QSige product. | 7.5 |
2024-01-17 | CVE-2023-7031 | Authorization Bypass Through User-Controlled Key vulnerability in Avaya Aura Experience Portal Insecure Direct Object Reference vulnerabilities were discovered in the Avaya Aura Experience Portal Manager which may allow partial information disclosure to an authenticated non-privileged user. | 4.3 |
2024-01-17 | CVE-2023-36235 | Authorization Bypass Through User-Controlled Key vulnerability in Webkul Qloapps An issue in webkul qloapps before v1.6.0 allows an attacker to obtain sensitive information via the id_order parameter. | 6.5 |
2024-01-12 | CVE-2024-22206 | Authorization Bypass Through User-Controlled Key vulnerability in Clerk Javascript Clerk helps developers build user management. | 9.8 |
2024-01-11 | CVE-2023-6223 | Authorization Bypass Through User-Controlled Key vulnerability in Thimpress Learnpress The LearnPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.2.5.7 via the /wp-json/lp/v1/profile/course-tab REST API due to missing validation on the 'userID' user controlled key. | 4.3 |
2024-01-11 | CVE-2023-6630 | Authorization Bypass Through User-Controlled Key vulnerability in Rocklobster Contact Form 7 The Contact Form 7 – Dynamic Text Extension plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 4.1.0 via the CF7_get_custom_field and CF7_get_current_user shortcodes due to missing validation on a user controlled key. | 4.3 |
2024-01-10 | CVE-2023-48783 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortiportal An Authorization Bypass Through User-Controlled Key vulnerability [CWE-639] affecting PortiPortal version 7.2.1 and below, version 7.0.6 and below, version 6.0.14 and below, version 5.3.8 and below may allow a remote authenticated user with at least read-only permissions to access to other organization endpoints via crafted GET requests. | 5.4 |
2024-01-09 | CVE-2023-49251 | Authorization Bypass Through User-Controlled Key vulnerability in Siemens Simatic CN 4100 2.5 A vulnerability has been identified in SIMATIC CN 4100 (All versions < V2.7). | 9.8 |
2024-01-07 | CVE-2024-0264 | Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Clinic Queuing System 1.0 A vulnerability was found in SourceCodester Clinic Queuing System 1.0. | 9.8 |
2024-01-05 | CVE-2023-51502 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Woocommerce Stripe 7.6.1 Authorization Bypass Through User-Controlled Key vulnerability in WooCommerce WooCommerce Stripe Payment Gateway.This issue affects WooCommerce Stripe Payment Gateway: from n/a through 7.6.1. | 9.8 |