Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-01-28 | CVE-2021-41608 | Authorization Bypass Through User-Controlled Key vulnerability in Classapps Selectsurvey.Net | A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1. | 7.5 |
2022-01-27 | CVE-2022-22828 | Authorization Bypass Through User-Controlled Key vulnerability in Synametrics Synaman | An insecure direct object reference for the file-download URL in Synametrics SynaMan before 5.0 allows a remote attacker to access unshared files via a modified base64-encoded filename string. | 7.5 |
2022-01-24 | CVE-2022-23856 | Authorization Bypass Through User-Controlled Key vulnerability in Saviynt Enterprise Identity Cloud | An issue was discovered in Saviynt Enterprise Identity Cloud (EIC) 5.5 SP2.x. | 5.3 |
2022-01-18 | CVE-2021-44836 | Authorization Bypass Through User-Controlled Key vulnerability in Deltarm Delta RM 1.2 | An issue was discovered in Delta RM 1.2. | 4.3 |
2022-01-14 | CVE-2021-3965 | Authorization Bypass Through User-Controlled Key vulnerability in HP products | Certain HP DesignJet products may be vulnerable to unauthenticated HTTP requests which allow viewing and downloading of print job previews. | 7.5 |
2022-01-03 | CVE-2021-45428 | Authorization Bypass Through User-Controlled Key vulnerability in Telesquare Tlr-2005Ksh Firmware | TLR-2005KSH is affected by an incorrect access control vulnerability. | 9.8 |
2021-12-28 | CVE-2021-40579 | Authorization Bypass Through User-Controlled Key vulnerability in Online Enrollment Management System Project Online Enrollment Management System 1.0 | https://www.sourcecodester.com/ Online Enrollment Management System in PHP and PayPal Free Source Code 1.0 is affected by: Incorrect Access Control. | 6.5 |
2021-12-14 | CVE-2021-44949 | Authorization Bypass Through User-Controlled Key vulnerability in Glfusion 1.7.9 | glFusion CMS 1.7.9 is affected by an access control vulnerability via /public_html/users.php. | 9.8 |
2021-12-13 | CVE-2021-39916 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab | Lack of an access control check in the External Status Check feature allowed any authenticated user to retrieve the configuration of any External Status Check in GitLab EE starting from 14.1 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | 4.3 |
2021-12-13 | CVE-2021-39934 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab | Improper access control allows any project member to retrieve the service desk email address in GitLab CE/EE versions starting 12.10 before 14.3.6, all versions starting from 14.4 before 14.4.4, all versions starting from 14.5 before 14.5.2. | 4.3 |