Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-03-27 | CVE-2022-26254 | Authorization Bypass Through User-Controlled Key vulnerability in Wowonder 4.0 | WoWonder The Ultimate PHP Social Network Platform v4.0.0 was discovered to contain an access control issue which allows unauthenticated attackers to arbitrarily change group ID names. | 5.3 |
2022-03-16 | CVE-2021-43957 | Authorization Bypass Through User-Controlled Key vulnerability in Atlassian Crucible | Affected versions of Atlassian Fisheye & Crucible allowed remote attackers to browse local files via an Insecure Direct Object References (IDOR) vulnerability in the WEB-INF directory and bypass the fix for CVE-2020-29446 due to a lack of URL decoding. | 7.5 |
2022-03-07 | CVE-2022-0442 | Authorization Bypass Through User-Controlled Key vulnerability in Ayecode Userswp | The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar. | 4.3 |
2022-03-03 | CVE-2022-25471 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr 6.0.0 | An Insecure Direct Object Reference (IDOR) vulnerability in OpenEMR 6.0.0 allows any authenticated attacker to access and modify unauthorized areas via a crafted POST request to /modules/zend_modules/public/Installer/register. | 8.1 |
2022-02-28 | CVE-2021-41111 | Authorization Bypass Through User-Controlled Key vulnerability in Pagerduty Rundeck | Rundeck is an open source automation service with a web console, command line tools and a WebAPI. | 5.4 |
2022-02-24 | CVE-2022-0732 | Authorization Bypass Through User-Controlled Key vulnerability in 1Byte products | The backend infrastructure shared by multiple mobile device monitoring services does not adequately authenticate or authorize API requests, creating an IDOR (Insecure Direct Object Reference) vulnerability. | 7.5 |
2022-02-23 | CVE-2022-0731 | Authorization Bypass Through User-Controlled Key vulnerability in Dolibarr Erp/Crm | Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0. | 6.5 |
2022-02-21 | CVE-2022-0691 | Authorization Bypass Through User-Controlled Key vulnerability in Url-Parse Project Url-Parse | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.9. | 9.8 |
2022-02-20 | CVE-2022-0686 | Authorization Bypass Through User-Controlled Key vulnerability in Url-Parse Project Url-Parse | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.8. | 9.1 |
2022-02-19 | CVE-2022-24979 | Authorization Bypass Through User-Controlled Key vulnerability in Mittwald Varnishcache | An issue was discovered in the Varnishcache extension before 2.0.1 for TYPO3. | 5.3 |