Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-09 | CVE-2021-37212 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The bulletin function of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. | 5.4 |
| 2021-08-09 | CVE-2021-37213 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The check-in record page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. | 4.3 |
| 2021-08-09 | CVE-2021-37214 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The employee management page of Flygo contains Insecure Direct Object Reference (IDOR) vulnerability. | 8.8 |
| 2021-08-09 | CVE-2021-37215 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. | 4.3 |
| 2021-08-04 | CVE-2021-36801 | Authorization Bypass Through User-Controlled Key vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. | 8.1 |
| 2021-08-02 | CVE-2021-24473 | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles). | 5.4 |
| 2021-07-21 | CVE-2021-32744 | Authorization Bypass Through User-Controlled Key vulnerability in Collabora Online Collabora Online is a collaborative online office suite. | 7.5 |
| 2021-07-01 | CVE-2021-35337 | Authorization Bypass Through User-Controlled Key vulnerability in Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0 Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). | 4.3 |
| 2021-06-11 | CVE-2021-22906 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud End-To-End Encryption Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | 6.5 |
| 2021-06-10 | CVE-2021-31927 | Authorization Bypass Through User-Controlled Key vulnerability in Annexcloud Loyalty Experience Platform An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. | 4.3 |