Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-07-06 | CVE-2022-31131 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Mail Nextcloud mail is a Mail app for the Nextcloud home server product. | 4.3 |
| 2022-07-06 | CVE-2022-23173 | Authorization Bypass Through User-Controlled Key vulnerability in Priority-Software Priority 19.1.0.68 this vulnerability affect user that even not allowed to access via the web interface. | 6.3 |
| 2022-07-01 | CVE-2022-2243 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects. | 4.3 |
| 2022-06-28 | CVE-2022-31883 | Authorization Bypass Through User-Controlled Key vulnerability in Marvalglobal Marval MSM 14.19.0.12476 Marval MSM v14.19.0.12476 is has an Insecure Direct Object Reference (IDOR) vulnerability. | 8.8 |
| 2022-06-27 | CVE-2017-20101 | Authorization Bypass Through User-Controlled Key vulnerability in Projectsend R754 A vulnerability, which was classified as problematic, was found in ProjectSend r754. | 5.7 |
| 2022-06-16 | CVE-2022-31295 | Authorization Bypass Through User-Controlled Key vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. | 7.5 |
| 2022-06-09 | CVE-2022-30760 | Authorization Bypass Through User-Controlled Key vulnerability in Ihb-Eg Fn2Web An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. | 4.3 |
| 2022-06-02 | CVE-2022-1949 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products An access control bypass vulnerability found in 389-ds-base. | 7.5 |
| 2022-06-02 | CVE-2022-29627 | Authorization Bypass Through User-Controlled Key vulnerability in Online Market Place Site Project Online Market Place Site 1.0 An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. | 4.3 |
| 2022-05-26 | CVE-2022-30495 | Authorization Bypass Through User-Controlled Key vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation) | 9.8 |