Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-08 | CVE-2022-1996 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products: Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. | 9.1 |
2022-06-02 | CVE-2022-1949 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products: An access control bypass vulnerability found in 389-ds-base. | 7.5 |
2022-06-02 | CVE-2022-29627 | Authorization Bypass Through User-Controlled Key vulnerability in Online Market Place Site Project Online Market Place Site 1.0: An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. | 4.0 |
2022-05-26 | CVE-2022-30495 | Authorization Bypass Through User-Controlled Key vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0: In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password (vertical privilege escalation). | 7.5 |
2022-05-23 | CVE-2022-1810 | Authorization Bypass Through User-Controlled Key vulnerability in Publify Project Publify: Authorization Bypass Through User-Controlled Key in GitHub repository publify/publify prior to 9.2.9. | 4.3 |
2022-05-20 | CVE-2022-29434 | Authorization Bypass Through User-Controlled Key vulnerability in Spiffyplugins Spiffy Calendar: Insecure Direct Object References (IDOR) vulnerability in Spiffy Plugins Spiffy Calendar <= 4.9.0 at WordPress allows an attacker to edit or delete events. | 4.0 |
2022-05-20 | CVE-2022-29159 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck: Nextcloud Deck is a Kanban-style project & personal management tool for Nextcloud. | 4.0 |
2022-05-16 | CVE-2022-1425 | Authorization Bypass Through User-Controlled Key vulnerability in 2Code Wpqa Builder: The WPQA Builder Plugin WordPress plugin before 5.2, used as a companion plugin for the Discy and Himer, does not validate that the message_id of the wpqa_message_view ajax action belongs to the requesting user, leading to any user being able to read messages for any other users via an Insecure Direct Object Reference (IDOR) vulnerability. | 4.0 |
2022-05-13 | CVE-2022-27247 | Authorization Bypass Through User-Controlled Key vulnerability in Cdsoft Winhotel.Mx 2021: onlinetolls in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., date of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference. | 5.0 |
2022-05-11 | CVE-2022-1352 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab: Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issues only to project members. | 5.0 |