Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-05-20 | CVE-2023-2713 | Authorization Bypass Through User-Controlled Key vulnerability in Rental Module Project Rental Module Authorization Bypass Through User-Controlled Key vulnerability in "Rental Module" developed by third-party for Ideasoft's E-commerce Platform allows Authentication Abuse, Authentication Bypass.This issue affects Rental Module: before 23.05.15. | 9.8 |
| 2023-05-20 | CVE-2023-2276 | Authorization Bypass Through User-Controlled Key vulnerability in Wclovers Wcfm Membership The WCFM Membership – WooCommerce Memberships for Multivendor Marketplace plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 2.10.7. | 9.8 |
| 2023-05-16 | CVE-2023-2548 | Authorization Bypass Through User-Controlled Key vulnerability in Metagauss Registrationmagic The RegistrationMagic plugin for WordPress is vulnerable to Insecure Direct Object References in versions up to, and including, 5.2.0.5. | 7.2 |
| 2023-05-08 | CVE-2023-31182 | Authorization Bypass Through User-Controlled Key vulnerability in Easytor EasyTor Applications – Authorization Bypass - EasyTor Applications may allow authorization bypass via unspecified method. | 9.8 |
| 2023-05-04 | CVE-2023-30216 | Authorization Bypass Through User-Controlled Key vulnerability in Newbee-Mall Project Newbee-Mall 1.0/20191023 Insecure permissions in the updateUserInfo function of newbee-mall before commit 1f2c2dfy allows attackers to obtain user account information. | 5.4 |
| 2023-05-04 | CVE-2023-30550 | Authorization Bypass Through User-Controlled Key vulnerability in Metersphere MeterSphere is an open source continuous testing platform, covering functions such as test tracking, interface testing, UI testing, and performance testing. | 4.5 |
| 2023-05-03 | CVE-2023-28656 | Authorization Bypass Through User-Controlled Key vulnerability in F5 products NGINX Management Suite may allow an authenticated attacker to gain access to configuration objects outside of their assigned environment. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 8.1 |
| 2023-04-24 | CVE-2023-2260 | Authorization Bypass Through User-Controlled Key vulnerability in ALF Authorization Bypass Through User-Controlled Key in GitHub repository alfio-event/alf.io prior to 2.0-M4-2304. | 8.8 |
| 2023-04-15 | CVE-2018-17449 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue was discovered in GitLab Community and Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. | 7.5 |
| 2023-04-15 | CVE-2018-17455 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue was discovered in GitLab Enterprise Edition before 11.1.7, 11.2.x before 11.2.4, and 11.3.x before 11.3.1. | 7.5 |