Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-14 | CVE-2023-22471 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. | 4.3 |
| 2022-12-19 | CVE-2022-3876 | Authorization Bypass Through User-Controlled Key vulnerability in Clickstudios Passwordstate A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. | 6.5 |
| 2022-12-12 | CVE-2022-4097 | Authorization Bypass Through User-Controlled Key vulnerability in Updraftplus All-In-One Security The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). | 5.3 |
| 2022-12-09 | CVE-2022-38765 | Authorization Bypass Through User-Controlled Key vulnerability in Canon Vitrea View Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. | 6.5 |
| 2022-11-29 | CVE-2022-3995 | Authorization Bypass Through User-Controlled Key vulnerability in Standalonetech Terawallet The TeraWallet plugin for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 1.4.3. | 4.3 |
| 2022-11-29 | CVE-2022-43326 | Authorization Bypass Through User-Controlled Key vulnerability in Telosalliance Omnia MPX Node Firmware An Insecure Direct Object Reference (IDOR) vulnerability in the password reset function of Telos Alliance Omnia MPX Node 1.0.0-1.4.[*] allows attackers to arbitrarily change user and Administrator account passwords. | 7.5 |
| 2022-11-28 | CVE-2022-24187 | Authorization Bypass Through User-Controlled Key vulnerability in Sz-Fujia Ourphoto 1.4.1 The user_id and device_id on the Ourphoto App version 1.4.1 /device/* end-points both suffer from insecure direct object reference vulnerabilities. | 7.5 |
| 2022-11-18 | CVE-2022-43492 | Authorization Bypass Through User-Controlled Key vulnerability in Gvectors Wpdiscuz 7.4.2 Auth. | 8.8 |
| 2022-11-16 | CVE-2022-44005 | Authorization Bypass Through User-Controlled Key vulnerability in Backclick 5.9.63 An issue was discovered in BACKCLICK Professional 5.9.63. | 5.3 |
| 2022-11-15 | CVE-2022-42129 | Authorization Bypass Through User-Controlled Key vulnerability in Liferay Digital Experience Platform and Liferay Portal An Insecure direct object reference (IDOR) vulnerability in the Dynamic Data Mapping module in Liferay Portal 7.3.2 through 7.4.3.4, and Liferay DXP 7.3 before update 4, and 7.4 GA allows remote authenticated users to view and access form entries via the `formInstanceRecordId` parameter. | 4.3 |