Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-07-13 | CVE-2023-2190 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue has been discovered in GitLab CE/EE affecting all versions starting from 13.10 before 15.11.10, all versions starting from 16.0 before 16.0.6, all versions starting from 16.1 before 16.1.1. | 6.5 |
2023-07-10 | CVE-2023-3219 | Authorization Bypass Through User-Controlled Key vulnerability in Myeventon Eventon The EventON WordPress plugin before 2.1.2 does not validate that the event_id parameter in its eventon_ics_download ajax action is a valid Event, allowing unauthenticated visitors to access any Post (including unpublished or protected posts) content via the ics export functionality by providing the numeric id of the post. | 5.3 |
2023-07-06 | CVE-2023-37242 | Authorization Bypass Through User-Controlled Key vulnerability in Huawei Emui and Harmonyos Vulnerability of commands from the modem being intercepted in the atcmdserver module. | 9.8 |
2023-07-05 | CVE-2022-42175 | Authorization Bypass Through User-Controlled Key vulnerability in Soluslabs Solusvm 4.1.2 Insecure Direct Object Reference vulnerability in WHMCS module SolusVM 1 4.1.2 allows an attacker to change the password and hostname of other customer servers without authorization. | 8.8 |
2023-06-20 | CVE-2023-26428 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Xchange Appsuite Backend Attackers can successfully request arbitrary snippet IDs, including E-Mail signatures of other users within the same context. | 6.5 |
2023-06-07 | CVE-2021-33223 | Authorization Bypass Through User-Controlled Key vulnerability in Seeddms 6.0.15 An issue discovered in SeedDMS 6.0.15 allows an attacker to escalate privileges via the userid and role parameters in the out.UsrMgr.php file. | 8.8 |
2023-06-05 | CVE-2023-33956 | Authorization Bypass Through User-Controlled Key vulnerability in Kanboard Kanboard is open source project management software that focuses on the Kanban methodology. | 6.5 |
2023-06-05 | CVE-2023-3066 | Authorization Bypass Through User-Controlled Key vulnerability in Mobatime Amxgt 100 1.3.20 Incorrect Authorization vulnerability in Mobatime mobile application AMXGT100 allows a low-privileged user to impersonate anyone else, including administratorsThis issue affects Mobatime mobile application AMXGT100: through 1.3.20. | 8.1 |
2023-06-01 | CVE-2023-32310 | Authorization Bypass Through User-Controlled Key vulnerability in Dataease DataEase is an open source data visualization and analysis tool. | 8.1 |
2023-05-30 | CVE-2022-36247 | Authorization Bypass Through User-Controlled Key vulnerability in Shopbeat Shop Beat Media Player 2.5.95 Shop Beat Solutions (Pty) LTD Shop Beat Media Player 2.5.95 up to 3.2.57 is vulnerable to IDOR via controlpanel.shopbeat.co.za. | 9.1 |