Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-10-18 | CVE-2022-41479 | Authorization Bypass Through User-Controlled Key vulnerability in Devexpress Asp.Net web Forms Controls 19.2.3 The DevExpress Resource Handler (ASPxHttpHandlerModule) in DevExpress ASP.NET Web Forms Build v19.2.3 does not verify the referenced objects in the /DXR.axd?r= HTTP GET parameter. | 7.5 |
| 2022-10-17 | CVE-2022-3331 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 14.5 before 15.1.6, all versions starting from 15.2 before 15.2.4, all versions starting from 15.3 before 15.3.2. | 4.3 |
| 2022-10-17 | CVE-2022-3282 | Authorization Bypass Through User-Controlled Key vulnerability in Codedropz Drag and Drop multiple File Upload - Contact Form 7 The Drag and Drop Multiple File Upload WordPress plugin before 1.3.6.5 does not properly check for the upload size limit set in forms, taking the value from user input sent when submitting the form. | 4.3 |
| 2022-10-14 | CVE-2022-42067 | Authorization Bypass Through User-Controlled Key vulnerability in Online Birth Certificate Management System Project Online Birth Certificate Management System 1.0 Online Birth Certificate Management System version 1.0 suffers from an Insecure Direct Object Reference (IDOR) vulnerability | 4.3 |
| 2022-10-13 | CVE-2022-2828 | Authorization Bypass Through User-Controlled Key vulnerability in Octopus Server In affected versions of Octopus Server it is possible to reveal information about teams via the API due to an Insecure Direct Object Reference (IDOR) vulnerability | 6.5 |
| 2022-09-30 | CVE-2021-36865 | Authorization Bypass Through User-Controlled Key vulnerability in Quizandsurveymaster Quiz and Survey Master Insecure direct object references (IDOR) vulnerability in ExpressTech Quiz And Survey Master plugin <= 7.3.4 at WordPress allows attackers to change the content of the quiz. | 4.3 |
| 2022-09-26 | CVE-2022-1613 | Authorization Bypass Through User-Controlled Key vulnerability in 10Up Restricted Site Access The Restricted Site Access WordPress plugin before 7.3.2 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based limitations in certain situations. | 5.3 |
| 2022-09-19 | CVE-2022-1580 | Authorization Bypass Through User-Controlled Key vulnerability in Freehtmldesigns Site Offline The Site Offline Or Coming Soon Or Maintenance Mode WordPress plugin before 1.5.3 prevents users from accessing a website but does not do so if the URL contained certain keywords. | 4.3 |
| 2022-09-16 | CVE-2022-2877 | Authorization Bypass Through User-Controlled Key vulnerability in Cm-Wp Titan Anti-Spam & Security The Titan Anti-spam & Security WordPress plugin before 7.3.1 does not properly checks HTTP headers in order to validate the origin IP address, allowing threat actors to bypass it's block feature by spoofing the headers. | 5.3 |
| 2022-09-16 | CVE-2022-2913 | Authorization Bypass Through User-Controlled Key vulnerability in Login NO Captcha Recaptcha Project Login NO Captcha Recaptcha The Login No Captcha reCAPTCHA WordPress plugin before 1.7 doesn't check the proper IP address allowing attackers to spoof IP addresses on the allow list and bypass the need for captcha on the login screen. | 4.3 |