Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-03 | CVE-2023-25403 | Authorization Bypass Through User-Controlled Key vulnerability in Yf-Exam Project Yf-Exam 1.8.0 CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass. | 7.5 |
| 2023-02-13 | CVE-2023-25160 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Mail Nextcloud Mail is an email app for the Nextcloud home server platform. | 5.3 |
| 2023-02-03 | CVE-2022-34138 | Authorization Bypass Through User-Controlled Key vulnerability in Biltema Baby Camera Firmware and IP Camera Firmware Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information. | 7.5 |
| 2023-01-26 | CVE-2021-36539 | Authorization Bypass Through User-Controlled Key vulnerability in Instructure Canvas Learning Management Service 20200729 Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url). | 6.5 |
| 2023-01-18 | CVE-2022-45927 | Authorization Bypass Through User-Controlled Key vulnerability in Opentext Extended ECM An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803). | 8.8 |
| 2023-01-17 | CVE-2022-40319 | Authorization Bypass Through User-Controlled Key vulnerability in Lsoft Listserv 17.0 The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL. | 7.5 |
| 2023-01-14 | CVE-2023-22471 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud. | 4.3 |
| 2022-12-19 | CVE-2022-3876 | Authorization Bypass Through User-Controlled Key vulnerability in Clickstudios Passwordstate A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome. | 6.5 |
| 2022-12-12 | CVE-2022-4097 | Authorization Bypass Through User-Controlled Key vulnerability in Updraftplus All-In-One Security The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more). | 5.3 |
| 2022-12-09 | CVE-2022-38765 | Authorization Bypass Through User-Controlled Key vulnerability in Canon Vitrea View Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls. | 6.5 |