Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-09-01 | CVE-2021-40352 | Authorization Bypass Through User-Controlled Key vulnerability in Open-Emr Openemr 6.0.0: OpenEMR 6.0.0 has a pnotes_print.php?noteid= Insecure Direct Object Reference vulnerability via which an attacker can read the messages of all users. | 6.5 |
2021-08-30 | CVE-2021-22023 | Authorization Bypass Through User-Controlled Key vulnerability in VMWare products: The vRealize Operations Manager API (8.x prior to 8.5) has an insecure object reference vulnerability. | 7.2 |
2021-08-23 | CVE-2021-24562 | Authorization Bypass Through User-Controlled Key vulnerability in Lifterlms: The LMS by LifterLMS – Online Course, Membership & Learning Management System Plugin for WordPress plugin before 4.21.2 was affected by an IDOR issue, allowing students to see other students' answers and grades. | 7.5 |
2021-08-16 | CVE-2021-37709 | Authorization Bypass Through User-Controlled Key vulnerability in Shopware: Shopware is an open source eCommerce platform. | 6.5 |
2021-08-09 | CVE-2021-37212 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5: The bulletin function of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. | 5.4 |
2021-08-09 | CVE-2021-37213 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5: The check-in record page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. | 4.3 |
2021-08-09 | CVE-2021-37214 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5: The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. | 8.8 |
2021-08-09 | CVE-2021-37215 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5: The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. | 4.3 |
2021-08-04 | CVE-2021-36801 | Authorization Bypass Through User-Controlled Key vulnerability in Akaunting: Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. | 8.1 |
2021-08-02 | CVE-2021-24473 | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture: The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles). | 5.4 |