Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-06-28 | CVE-2022-0624 | Authorization Bypass Through User-Controlled Key vulnerability in Parse-Path Project Parse-Path Authorization Bypass Through User-Controlled Key in GitHub repository ionicabizau/parse-path prior to 5.0.0. | 7.3 |
| 2022-06-27 | CVE-2017-20101 | Authorization Bypass Through User-Controlled Key vulnerability in Projectsend R754 A vulnerability, which was classified as problematic, was found in ProjectSend r754. | 5.7 |
| 2022-06-20 | CVE-2022-1614 | Authorization Bypass Through User-Controlled Key vulnerability in Wp-Email Project Wp-Email The WP-EMail WordPress plugin before 2.69.0 prioritizes getting a visitor's IP from certain HTTP headers over PHP's REMOTE_ADDR, which makes it possible to bypass IP-based anti-spamming restrictions. | 7.5 |
| 2022-06-16 | CVE-2022-31295 | Authorization Bypass Through User-Controlled Key vulnerability in Online Discussion Forum Site Project Online Discussion Forum Site 1.0 An issue in the delete_post() function of Online Discussion Forum Site 1 allows unauthenticated attackers to arbitrarily delete posts. | 7.5 |
| 2022-06-09 | CVE-2022-30760 | Authorization Bypass Through User-Controlled Key vulnerability in Ihb-Eg Fn2Web An Insecure Direct Object Reference (IDOR) issue in fn2Web in ihb eG FlexNow before 2.04.09.016 allows remote authenticated attackers to obtain sensitive student information (final grades, study courses, degrees) by changing the student ID parameter in the HTTP POST request to the FrontControllerSS endpoint. | 4.3 |
| 2022-06-09 | CVE-2022-31027 | Authorization Bypass Through User-Controlled Key vulnerability in Jupyter Oauthenticator OAuthenticator is an OAuth token library for the JupyerHub login handler. | 6.5 |
| 2022-06-08 | CVE-2022-1996 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products Authorization Bypass Through User-Controlled Key in GitHub repository emicklei/go-restful prior to v3.8.0. | 9.1 |
| 2022-06-02 | CVE-2022-1949 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products An access control bypass vulnerability found in 389-ds-base. | 7.5 |
| 2022-06-02 | CVE-2022-29627 | Authorization Bypass Through User-Controlled Key vulnerability in Online Market Place Site Project Online Market Place Site 1.0 An insecure direct object reference (IDOR) in Online Market Place Site v1.0 allows attackers to modify products that are owned by other sellers. | 4.3 |
| 2022-05-26 | CVE-2022-30495 | Authorization Bypass Through User-Controlled Key vulnerability in Automotive Shop Management System Project Automotive Shop Management System 1.0 In oretnom23 Automotive Shop Management System v1.0, the name id parameter is vulnerable to IDOR - Broken Access Control allowing attackers to change the admin password(vertical privilege escalation) | 9.8 |