Vulnerabilities > Authorization Bypass Through User-Controlled Key
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-08-09 | CVE-2021-37215 | Authorization Bypass Through User-Controlled Key vulnerability in Larvata Flygo 1.90.5 The employee management page of Flygo contains an Insecure Direct Object Reference (IDOR) vulnerability. | 4.3 |
| 2021-08-04 | CVE-2021-36801 | Authorization Bypass Through User-Controlled Key vulnerability in Akaunting Akaunting version 2.1.12 and earlier suffers from an authentication bypass issue in the user-controllable field, companies[0]. | 8.1 |
| 2021-08-02 | CVE-2021-24473 | Authorization Bypass Through User-Controlled Key vulnerability in Cozmoslabs User Profile Picture The User Profile Picture WordPress plugin before 2.6.0 was affected by an IDOR issue, allowing users with the upload_image capability (by default author and above) to change and delete the profile pictures of other users (including those with higher roles). | 5.4 |
| 2021-07-21 | CVE-2021-32744 | Authorization Bypass Through User-Controlled Key vulnerability in Collabora Online Collabora Online is a collaborative online office suite. | 7.5 |
| 2021-07-01 | CVE-2021-35337 | Authorization Bypass Through User-Controlled Key vulnerability in Phone Shop Sales Management System Project Phone Shop Sales Management System 1.0 Sourcecodester Phone Shop Sales Managements System 1.0 is vulnerable to Insecure Direct Object Reference (IDOR). | 4.3 |
| 2021-06-21 | CVE-2021-24374 | Authorization Bypass Through User-Controlled Key vulnerability in Automattic Jetpack The Jetpack Carousel module of the JetPack WordPress plugin before 9.8 allows users to create a "carousel" type image gallery and allows users to comment on the images. | 5.3 |
| 2021-06-11 | CVE-2021-22906 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud End-To-End Encryption Nextcloud End-to-End Encryption before 1.5.3, 1.6.3 and 1.7.1 suffers from a denial of service vulnerability due to permitting any authenticated users to lock files of other users. | 6.5 |
| 2021-06-10 | CVE-2021-31927 | Authorization Bypass Through User-Controlled Key vulnerability in Annexcloud Loyalty Experience Platform An Insecure Direct Object Reference (IDOR) vulnerability in Annex Cloud Loyalty Experience Platform <2021.1.0.1 allows any authenticated attacker to modify any existing user, including users assigned to different environments and clients. | 4.3 |
| 2021-06-02 | CVE-2020-6641 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortipresence Two authorization bypass through user-controlled key vulnerabilities in the Fortinet FortiPresence 2.1.0 administration interface may allow an attacker to gain access to some user data via portal manager or portal users parameters. | 4.3 |
| 2021-06-01 | CVE-2021-32654 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server Nextcloud Server is a Nextcloud package that handles data storage. | 9.1 |