Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-24 | CVE-2022-0732 | Authorization Bypass Through User-Controlled Key vulnerability in 1Byte products: The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. | 7.5 |
2022-02-23 | CVE-2022-0731 | Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm: Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | 6.5 |
2022-02-19 | CVE-2022-24979 | Authorization Bypass Through User-Controlled Key vulnerability in Mittwald Varnishcache: An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. | 5.3 |
2022-02-18 | CVE-2022-25336 | Authorization Bypass Through User-Controlled Key vulnerability in Ibexa EZ Platform Kernel: Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced. | 5.3 |
2022-02-16 | CVE-2022-0613 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products: Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. | 6.5 |
2022-02-15 | CVE-2021-46249 | Authorization Bypass Through User-Controlled Key vulnerability in Scratchoauth2 Project Scratchoauth2: An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps. | 6.5 |
2022-02-09 | CVE-2021-3813 | Authorization Bypass Through User-Controlled Key vulnerability in Chatwoot: Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | 6.5 |
2022-02-08 | CVE-2022-21713 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products: Grafana is an open-source platform for monitoring and observability. | 4.3 |
2022-02-07 | CVE-2021-25096 | Authorization Bypass Through User-Controlled Key vulnerability in Ip2Location Country Blocker: In the IP2Location Country Blocker WordPress plugin before 2.26.5, bans can be bypassed by using a specific parameter in the URL. | 6.5 |
2022-02-06 | CVE-2022-22832 | Authorization Bypass Through User-Controlled Key vulnerability in Servisnet Tessa 0.0.2: An issue was discovered in Servisnet Tessa 0.0.2. | 9.8 |