Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2022-07-20 CVE-2022-34150 Authorization Bypass Through User-Controlled Key vulnerability in Micodus Mv720 Firmware
The main MiCODUS MV720 GPS tracker web server has an authenticated insecure direct object reference vulnerability on endpoint and parameter device IDs, which accept arbitrary device IDs without further verification.
network
low complexity
micodus CWE-639
5.4
2022-07-19 CVE-2022-2193 Authorization Bypass Through User-Controlled Key vulnerability in Hypr Server 6.10
Insecure Direct Object Reference vulnerability in HYPR Server before version 6.14.1 allows remote authenticated attackers to add a FIDO2 authenticator to arbitrary accounts via parameter tampering in the Device Manager page.
network
low complexity
hypr CWE-639
8.8
2022-07-17 CVE-2021-24655 Authorization Bypass Through User-Controlled Key vulnerability in Wpusermanager WP User Manager
The WP User Manager WordPress plugin before 2.6.3 does not ensure that the user ID to reset the password of is related to the reset key given.
network
high complexity
wpusermanager CWE-639
7.5
2022-07-15 CVE-2022-1881 Authorization Bypass Through User-Controlled Key vulnerability in Octopus Server
In affected versions of Octopus Server an Insecure Direct Object Reference vulnerability exists where it is possible for a user to download Project Exports from a Project they do not have permissions to access.
network
low complexity
octopus CWE-639
5.3
2022-07-08 CVE-2022-30852 Authorization Bypass Through User-Controlled Key vulnerability in Withknown Known
Known v1.3.1 was discovered to contain an Insecure Direct Object Reference (IDOR).
network
low complexity
withknown CWE-639
4.3
2022-07-08 CVE-2022-1245 Authorization Bypass Through User-Controlled Key vulnerability in Redhat Keycloak
A privilege escalation flaw was found in the token exchange feature of Keycloak.
network
low complexity
redhat CWE-639
critical
9.8
2022-07-06 CVE-2022-31131 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Mail
Nextcloud Mail is a mail app for the Nextcloud home server product.
network
low complexity
nextcloud CWE-639
4.3
2022-07-06 CVE-2022-23173 Authorization Bypass Through User-Controlled Key vulnerability in Priority-Software Priority 19.1.0.68
This vulnerability affects even users who are not allowed access via the web interface.
network
low complexity
priority-software CWE-639
6.3
2022-07-01 CVE-2022-2243 Authorization Bypass Through User-Controlled Key vulnerability in Gitlab
An access control vulnerability in GitLab EE/CE affecting all versions from 14.8 prior to 14.10.5, 15.0 prior to 15.0.4, and 15.1 prior to 15.1.1, allows authenticated users to enumerate issues in non-linked sentry projects.
network
low complexity
gitlab CWE-639
4.3
2022-06-28 CVE-2022-31883 Authorization Bypass Through User-Controlled Key vulnerability in Marvalglobal Marval MSM 14.19.0.12476
Marval MSM v14.19.0.12476 has an Insecure Direct Object Reference (IDOR) vulnerability.
network
low complexity
marvalglobal CWE-639
8.8