Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2023-03-03 CVE-2023-25403 Authorization Bypass Through User-Controlled Key vulnerability in Yf-Exam Project Yf-Exam 1.8.0
CleverStupidDog yf-exam v 1.8.0 is vulnerable to Authentication Bypass.
network
low complexity
yf-exam-project CWE-639
7.5
2023-02-13 CVE-2023-25160 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Mail
Nextcloud Mail is an email app for the Nextcloud home server platform.
network
low complexity
nextcloud CWE-639
5.3
2023-02-03 CVE-2022-34138 Authorization Bypass Through User-Controlled Key vulnerability in Biltema Baby Camera Firmware and IP Camera Firmware
Insecure direct object references (IDOR) in the web server of Biltema IP and Baby Camera Software v124 allows attackers to access sensitive information.
network
low complexity
biltema CWE-639
7.5
2023-01-26 CVE-2021-36539 Authorization Bypass Through User-Controlled Key vulnerability in Instructure Canvas Learning Management Service 20200729
Instructure Canvas LMS didn't properly deny access to locked/unpublished files when the unprivileged user access the DocViewer based file preview URL (canvadoc_session_url).
network
low complexity
instructure CWE-639
6.5
2023-01-18 CVE-2022-45927 Authorization Bypass Through User-Controlled Key vulnerability in Opentext Extended ECM
An issue was discovered in OpenText Content Suite Platform 22.1 (16.2.19.1803).
network
low complexity
opentext CWE-639
8.8
2023-01-17 CVE-2022-40319 Authorization Bypass Through User-Controlled Key vulnerability in Lsoft Listserv 17.0
The LISTSERV 17 web interface allows remote attackers to conduct Insecure Direct Object References (IDOR) attacks via a modified email address in a wa.exe URL.
network
low complexity
lsoft CWE-639
7.5
2023-01-14 CVE-2023-22471 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck
Deck is a kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
network
low complexity
nextcloud CWE-639
4.3
2022-12-19 CVE-2022-3876 Authorization Bypass Through User-Controlled Key vulnerability in Clickstudios Passwordstate
A vulnerability, which was classified as problematic, has been found in Click Studios Passwordstate and Passwordstate Browser Extension Chrome.
network
low complexity
clickstudios CWE-639
6.5
2022-12-12 CVE-2022-4097 Authorization Bypass Through User-Controlled Key vulnerability in Updraftplus All-In-One Security
The All-In-One Security (AIOS) WordPress plugin before 5.0.8 is susceptible to IP Spoofing attacks, which can lead to bypassed security features (like IP blocks, rate limiting, brute force protection, and more).
network
low complexity
updraftplus CWE-639
5.3
2022-12-09 CVE-2022-38765 Authorization Bypass Through User-Controlled Key vulnerability in Canon Vitrea View
Canon Medical Informatics Vitrea Vision 7.7.76.1 does not adequately enforce access controls.
network
low complexity
canon CWE-639
6.5