Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-24 | CVE-2023-28686 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. | 7.1 |
| 2023-03-23 | CVE-2023-28334 | Authorization Bypass Through User-Controlled Key vulnerability in Moodle Authenticated users were able to enumerate other users' names via the learning plans page. | 4.3 |
| 2023-03-21 | CVE-2023-1462 | Authorization Bypass Through User-Controlled Key vulnerability in Vadi Digikent Authorization Bypass Through User-Controlled Key vulnerability in Vadi Corporate Information Systems DigiKent allows Authentication Bypass, Authentication Abuse. This issue affects DigiKent: before 23.03.20. | 8.8 |
| 2023-03-06 | CVE-2021-36400 | Authorization Bypass Through User-Controlled Key vulnerability in Moodle In Moodle, insufficient capability checks made it possible to remove other users' calendar URL subscriptions. | 5.3 |
| 2023-03-03 | CVE-2023-25403 | Authorization Bypass Through User-Controlled Key vulnerability in Yf-Exam Project Yf-Exam 1.8.0 CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. | 7.5 |
| 2023-02-13 | CVE-2023-25160 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Mail Nextcloud Mail is an email app for the Nextcloud home server platform. | 5.3 |
| 2023-02-03 | CVE-2022-34138 | Authorization Bypass Through User-Controlled Key vulnerability in Biltema Baby Camera Firmware and IP Camera Firmware Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. | 7.5 |
| 2023-01-26 | CVE-2021-36539 | Authorization Bypass Through User-Controlled Key vulnerability in Instructure Canvas Learning Management Service 20200729 Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url). | 6.5 |
| 2023-01-18 | CVE-2022-45927 | Authorization Bypass Through User-Controlled Key vulnerability in Opentext Extended ECM An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 8.8 |
| 2023-01-17 | CVE-2022-40319 | Authorization Bypass Through User-Controlled Key vulnerability in Lsoft Listserv 17.0 The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. | 7.5 |