Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-06-21 | CVE-2021-24374 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Jetpack The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. | 5.3 |
| 2021-06-11 | CVE-2021-22906 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud End-To-End Encryption Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | 6.5 |
| 2021-06-10 | CVE-2021-31927 | Authorization Bypass Through User-Controlled Key vulnerability in Annexcloud Loyalty Experience Platform An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. | 4.0 |
| 2021-06-02 | CVE-2020-6641 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortipresence Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. | 4.0 |
| 2021-06-01 | CVE-2021-32654 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 9.1 |
| 2021-06-01 | CVE-2021-24318 | Authorization Bypass Through User-Controlled Key vulnerability in Purethemes Listeo The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector. | 6.5 |
| 2021-05-26 | CVE-2020-26679 | Authorization Bypass Through User-Controlled Key vulnerability in Vfairs 3.3 vFairs 3.3 is affected by Insecure Permissions. | 4.0 |
| 2021-05-07 | CVE-2020-36126 | Authorization Bypass Through User-Controlled Key vulnerability in Paxtechnology Paxstore Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. | 5.5 |
| 2021-03-08 | CVE-2021-21324 | Authorization Bypass Through User-Controlled Key vulnerability in Glpi-Project Glpi GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. | 4.0 |
| 2021-03-02 | CVE-2021-21255 | Authorization Bypass Through User-Controlled Key vulnerability in Glpi-Project Glpi 9.5.3 GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. | 5.7 |