Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-05-13 | CVE-2022-27247 | Authorization Bypass Through User-Controlled Key vulnerability in Cdsoft Winhotel.Mx 2021. onlinetools in cdSoft Onlinetools-Smart Winhotel.MX 2021 allows an attacker to download sensitive information about any customer (e.g., date of birth, full address, mail information, and phone number) via GastKont Insecure Direct Object Reference. | 5.3 |
2022-05-11 | CVE-2022-1352 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab. Due to an insecure direct object reference vulnerability in Gitlab EE/CE affecting all versions from 11.0 prior to 14.8.6, 14.9 prior to 14.9.4, and 14.10 prior to 14.10.1, an endpoint may reveal the issue title to a user who crafted an API call with the ID of the issue from a public project that restricts access to issues only to project members. | 5.3 |
2022-05-11 | CVE-2022-29008 | Authorization Bypass Through User-Controlled Key vulnerability in PHPgurukul BUS Pass Management System 1.0. An insecure direct object reference (IDOR) vulnerability in the viewid parameter of Bus Pass Management System v1.0 allows attackers to access sensitive information. | 6.5 |
2022-05-10 | CVE-2022-28986 | Authorization Bypass Through User-Controlled Key vulnerability in Lmsdoctor 2 Factor Authentication 2021072900. LMS Doctor Simple 2 Factor Authentication Plugin For Moodle Affected: 2021072900 has an insecure direct object reference (IDOR) vulnerability, which allows remote attackers to update sensitive records such as email, password and phone number of other user accounts. | 7.5 |
2022-04-25 | CVE-2021-24800 | Authorization Bypass Through User-Controlled Key vulnerability in Designwall DW Question & Answer. The DW Question & Answer Pro WordPress plugin through 1.3.4 does not check that the comment to edit belongs to the user making the request, allowing any user to edit other comments. | 4.3 |
2022-04-25 | CVE-2022-1461 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr. Non Privilege User can Enable or Disable Registered in GitHub repository openemr/openemr prior to 6.1.0.1. | 6.5 |
2022-04-25 | CVE-2022-1459 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr. Non-Privilege User Can View Patient’s Disclosures in GitHub repository openemr/openemr prior to 6.1.0.1. | 8.3 |
2022-04-18 | CVE-2022-26665 | Authorization Bypass Through User-Controlled Key vulnerability in Tylertech Odyssey Portal. An Insecure Direct Object Reference issue exists in the Tyler Odyssey Portal platform before 17.1.20. | 7.5 |
2022-04-16 | CVE-2022-29287 | Authorization Bypass Through User-Controlled Key vulnerability in Kentico. Kentico CMS before 13.0.66 has an Insecure Direct Object Reference vulnerability. | 4.9 |
2022-04-14 | CVE-2022-22190 | Authorization Bypass Through User-Controlled Key vulnerability in Juniper Paragon Active Assurance Control Center 3.1.0. An Improper Access Control vulnerability in the Juniper Networks Paragon Active Assurance Control Center allows an unauthenticated attacker to leverage a crafted URL to generate PDF reports, potentially containing sensitive configuration information. | 7.5 |