Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-04 | CVE-2021-36801 | Authorization Bypass Through User-Controlled Key vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. | 8.1 |
| 2021-08-02 | CVE-2021-24473 | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles). | 5.4 |
| 2021-07-21 | CVE-2021-32744 | Authorization Bypass Through User-Controlled Key vulnerability in Collabora Online Collabora Online is a collaborative online office suite. | 7.5 |
| 2021-07-01 | CVE-2021-35337 | Authorization Bypass Through User-Controlled Key vulnerability in Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0 Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). | 4.3 |
| 2021-06-11 | CVE-2021-22906 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud End-To-End Encryption Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | 6.5 |
| 2021-06-10 | CVE-2021-31927 | Authorization Bypass Through User-Controlled Key vulnerability in Annexcloud Loyalty Experience Platform An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. | 4.3 |
| 2021-06-02 | CVE-2020-6641 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortipresence Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. | 4.3 |
| 2021-06-01 | CVE-2021-24318 | Authorization Bypass Through User-Controlled Key vulnerability in Purethemes Listeo The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated users to delete arbitrary page/post and booking via an IDOR vector. | 6.5 |
| 2021-05-26 | CVE-2020-26679 | Authorization Bypass Through User-Controlled Key vulnerability in Vfairs 3.3 vFairs 3.3 is affected by Insecure Permissions. | 4.3 |
| 2021-05-07 | CVE-2020-36126 | Authorization Bypass Through User-Controlled Key vulnerability in Paxtechnology Paxstore 7.0.820200511171508 Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. | 8.1 |