Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-12-23 | CVE-2022-4686 | Authorization Bypass Through User-Controlled Key vulnerability in Usememos Memos Authorization Bypass Through User-Controlled Key in GitHub repository usememos/memos prior to 0.9.0. | 9.8 |
| 2022-12-19 | CVE-2022-3876 | Authorization Bypass Through User-Controlled Key vulnerability in Clickstudios Passwordstate A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. | 6.5 |
| 2022-12-15 | CVE-2022-4505 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr Authorization Bypass Through User-Controlled Key in GitHub repository openemr/openemr prior to 7.0.0.2. | 4.3 |
| 2022-12-12 | CVE-2022-4097 | Authorization Bypass Through User-Controlled Key vulnerability in Updraftplus All-In-One Security The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). | 5.3 |
| 2022-12-09 | CVE-2022-38765 | Authorization Bypass Through User-Controlled Key vulnerability in Canon Vitrea View Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. | 6.5 |
| 2022-12-02 | CVE-2022-2808 | Authorization Bypass Through User-Controlled Key vulnerability in Algan Prens Student Information System Authorization Bypass Through User-Controlled Key vulnerability in Algan Software Prens Student Information System allows Object Relational Mapping Injection.This issue affects Prens Student Information System: before 2.1.11. | 8.8 |
| 2022-11-29 | CVE-2022-3995 | Authorization Bypass Through User-Controlled Key vulnerability in Standalonetech Terawallet The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. | 4.3 |
| 2022-11-29 | CVE-2022-43326 | Authorization Bypass Through User-Controlled Key vulnerability in Telosalliance Omnia MPX Node Firmware An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords. | 7.5 |
| 2022-11-28 | CVE-2022-24187 | Authorization Bypass Through User-Controlled Key vulnerability in Sz-Fujia Ourphoto 1.4.1 The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. | 7.5 |
| 2022-11-21 | CVE-2022-3589 | Authorization Bypass Through User-Controlled Key vulnerability in Miele Appwash An API Endpoint used by Miele's "AppWash" MobileApp in all versions was vulnerable to an authorization bypass. | 8.1 |