Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-14 | CVE-2022-45175 | Authorization Bypass Through User-Controlled Key vulnerability in Liveboxcloud Vdesk 018 An issue was discovered in LIVEBOX Collaboration vDesk through v018. | 6.5 |
| 2023-04-05 | CVE-2023-0967 | Authorization Bypass Through User-Controlled Key vulnerability in Imaworldhealth Bhima 1.27.0 Bhima version 1.27.0 allows an attacker authenticated with normal user permissions to view sensitive data of other application users and data that should only be viewed by the administrator. | 6.5 |
| 2023-04-04 | CVE-2023-1749 | Authorization Bypass Through User-Controlled Key vulnerability in Getnexx products The listed versions of Nexx Smart Home devices lack proper access control when executing actions. | 6.5 |
| 2023-04-04 | CVE-2023-1750 | Authorization Bypass Through User-Controlled Key vulnerability in Getnexx products The listed versions of Nexx Smart Home devices lack proper access control when executing actions. | 7.1 |
| 2023-03-29 | CVE-2023-26984 | Authorization Bypass Through User-Controlled Key vulnerability in Peppermint 0.2.4 An issue in the password reset function of Peppermint v0.2.4 allows attackers to access the emails and passwords of the Tickets page via a crafted request. | 8.1 |
| 2023-03-27 | CVE-2023-24834 | Authorization Bypass Through User-Controlled Key vulnerability in Wisdomgarden Tronclass Ilearn 2.3.2 WisdomGarden Tronclass has improper access control when uploading file. | 6.5 |
| 2023-03-27 | CVE-2023-24842 | Authorization Bypass Through User-Controlled Key vulnerability in Hgiga Oaklouds Mailsherlock 4.5 HGiga MailSherlock has vulnerability of insufficient access control. | 5.3 |
| 2023-03-24 | CVE-2023-24625 | Authorization Bypass Through User-Controlled Key vulnerability in Ladybirdweb Faveo Servicedesk 5.0.1 Faveo 5.0.1 allows remote attackers to obtain sensitive information via a modified user ID in an Insecure Direct Object Reference (IDOR) attack. | 6.5 |
| 2023-03-24 | CVE-2023-28686 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Dino before 0.2.3, 0.3.x before 0.3.2, and 0.4.x before 0.4.2 allows attackers to modify the personal bookmark store via a crafted message. | 7.1 |
| 2023-03-23 | CVE-2023-28334 | Authorization Bypass Through User-Controlled Key vulnerability in Moodle Authenticated users were able to enumerate other users' names via the learning plans page. | 4.3 |