Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2021-09-07 CVE-2021-37631 Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck
Deck is an open source kanban style organization tool aimed at personal planning and project organization for teams integrated with Nextcloud.
network
low complexity
nextcloud CWE-639
6.5
2021-09-01 CVE-2021-36032 Authorization Bypass Through User-Controlled Key vulnerability in Adobe Commerce and Magento Open Source
Magento Commerce versions 2.4.2 (and earlier), 2.4.2-p1 (and earlier) and 2.3.7 (and earlier) are affected by an improper input validation vulnerability.
network
low complexity
adobe CWE-639
8.8
2021-09-01 CVE-2021-40352 Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr 6.0.0
OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users.
network
low complexity
open-emr CWE-639
6.5
2021-08-30 CVE-2021-22023 Authorization Bypass Through User-Controlled Key vulnerability in VMWare products
The vRealize Operations Manager API (8.x prior to 8.5) has insecure object reference vulnerability.
network
low complexity
vmware CWE-639
7.2
2021-08-23 CVE-2021-24562 Authorization Bypass Through User-Controlled Key vulnerability in Lifterlms
The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other student answers and grades
network
low complexity
lifterlms CWE-639
7.5
2021-08-16 CVE-2021-37709 Authorization Bypass Through User-Controlled Key vulnerability in Shopware
Shopware is an open source eCommerce platform.
network
low complexity
shopware CWE-639
6.5
2021-08-09 CVE-2021-37212 Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5
The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.
network
low complexity
larvata CWE-639
5.4
2021-08-09 CVE-2021-37213 Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5
The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.
network
low complexity
larvata CWE-639
4.3
2021-08-09 CVE-2021-37214 Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5
The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability.
network
low complexity
larvata CWE-639
8.8
2021-08-09 CVE-2021-37215 Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5
The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability.
network
low complexity
larvata CWE-639
4.3