Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-02-18 | CVE-2022-25336 | Authorization Bypass Through User-Controlled Key vulnerability in Ibexa EZ Platform Kernel | Ibexa DXP ezsystems/ezpublish-kernel 7.5.x before 7.5.26 and 1.3.x before 1.3.12 allows Insecure Direct Object Reference (IDOR) attacks against image files because the image path and filename can be correctly deduced. | 5.3 |
2022-02-17 | CVE-2022-0639 | Authorization Bypass Through User-Controlled Key vulnerability in Url-Parse Project Url-Parse | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.7. | 5.3 |
2022-02-16 | CVE-2022-0613 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products | Authorization Bypass Through User-Controlled Key in NPM urijs prior to 1.19.8. | 6.5 |
2022-02-15 | CVE-2021-46249 | Authorization Bypass Through User-Controlled Key vulnerability in Scratchoauth2 Project Scratchoauth2 | An authorization bypass exploited by a user-controlled key in SpecificApps REST API in ScratchOAuth2 before commit d856dc704b2504cd3b92cf089fdd366dd40775d6 allows app owners to set flags that indicate whether an app is verified on their own apps. | 6.5 |
2022-02-14 | CVE-2022-0512 | Authorization Bypass Through User-Controlled Key vulnerability in Url-Parse Project Url-Parse | Authorization Bypass Through User-Controlled Key in NPM url-parse prior to 1.5.6. | 5.3 |
2022-02-09 | CVE-2021-3813 | Authorization Bypass Through User-Controlled Key vulnerability in Chatwoot | Improper Privilege Management in GitHub repository chatwoot/chatwoot prior to v2.2. | 6.5 |
2022-02-08 | CVE-2022-21713 | Authorization Bypass Through User-Controlled Key vulnerability in multiple products | Grafana is an open-source platform for monitoring and observability. | 4.3 |
2022-02-07 | CVE-2021-25096 | Authorization Bypass Through User-Controlled Key vulnerability in Ip2Location Country Blocker | The IP2Location Country Blocker WordPress plugin before 2.26.5 bans can be bypassed by using a specific parameter in the URL. | 6.5 |
2022-02-06 | CVE-2022-22832 | Authorization Bypass Through User-Controlled Key vulnerability in Servisnet Tessa 0.0.2 | An issue was discovered in Servisnet Tessa 0.0.2. | 9.8 |
2022-01-28 | CVE-2021-41608 | Authorization Bypass Through User-Controlled Key vulnerability in Classapps Selectsurvey.Net | A file disclosure vulnerability in the UploadedImageDisplay.aspx endpoint of SelectSurvey.NET before 5.052.000 allows a remote, unauthenticated attacker to retrieve survey user submitted data by modifying the value of the ID parameter in sequential order beginning from 1. | 7.5 |