Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-15 | CVE-2024-49388 | Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 16 Sensitive information manipulation due to improper authorization. | 9.1 |
| 2024-10-15 | CVE-2024-9687 | Authorization Bypass Through User-Controlled Key vulnerability in Dueclic WP 2FA With Telegram The WP 2FA with Telegram plugin for WordPress is vulnerable to Authentication Bypass in versions up to, and including, 3.0. | 8.8 |
| 2024-10-04 | CVE-2024-47657 | Authorization Bypass Through User-Controlled Key vulnerability in Shilpisoft NET Back Office This vulnerability exists in the Shilpi Net Back Office due to improper access controls on certain API endpoints. | 6.5 |
| 2024-10-02 | CVE-2024-20513 | Authorization Bypass Through User-Controlled Key vulnerability in Cisco products A vulnerability in the Cisco AnyConnect VPN server of Cisco Meraki MX and Cisco Meraki Z Series Teleworker Gateway devices could allow an unauthenticated, remote attacker to cause a DoS condition for targeted users of the AnyConnect service on an affected device. This vulnerability is due to insufficient entropy for handlers that are used during SSL VPN session establishment. | 5.3 |
| 2024-09-28 | CVE-2024-9298 | Authorization Bypass Through User-Controlled Key vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. | 4.3 |
| 2024-09-25 | CVE-2024-8290 | Authorization Bypass Through User-Controlled Key vulnerability in Wclovers Frontend Manager for Woocommerce Along With Bookings Subscription Listings Compatible The WCFM – Frontend Manager for WooCommerce along with Bookings Subscription Listings Compatible plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 6.7.12 via the WCFM_Customers_Manage_Controller::processing function due to missing validation on the ID user controlled key. | 8.8 |
| 2024-09-25 | CVE-2024-8485 | Authorization Bypass Through User-Controlled Key vulnerability in Jianbo Rest API to Miniprogram The REST API TO MiniProgram plugin for WordPress is vulnerable to privilege escalation via account takeovr in all versions up to, and including, 4.7.1 via the updateUserInfo() due to missing validation on the 'openid' user controlled key that determines what user will be updated. | 9.8 |
| 2024-09-24 | CVE-2024-8791 | Authorization Bypass Through User-Controlled Key vulnerability in Wpcharitable Charitable The Donation Forms by Charitable – Donations Plugin & Fundraising Platform for WordPress plugin for WordPress is vulnerable to privilege escalation in all versions up to, and including, 1.8.1.14. | 9.8 |
| 2024-09-20 | CVE-2024-45806 | Authorization Bypass Through User-Controlled Key vulnerability in Envoyproxy Envoy Envoy is a cloud-native high-performance edge/middle/service proxy. | 6.5 |
| 2024-09-17 | CVE-2024-45605 | Authorization Bypass Through User-Controlled Key vulnerability in Sentry 24.1.2 Sentry is a developer-first error tracking and performance monitoring platform. | 4.3 |