Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-06-01 | CVE-2021-24318 | Authorization Bypass Through User-Controlled Key vulnerability in Purethemes Listeo: The Listeo WordPress theme before 1.6.11 did not ensure that the Post/Page and Booking to delete belong to the user making the request, allowing any authenticated user to delete arbitrary pages/posts and bookings via an IDOR vector. | 6.5 |
2021-05-26 | CVE-2020-26679 | Authorization Bypass Through User-Controlled Key vulnerability in Vfairs 3.3: vFairs 3.3 is affected by Insecure Permissions. | 4.3 |
2021-05-07 | CVE-2020-36126 | Authorization Bypass Through User-Controlled Key vulnerability in Paxtechnology Paxstore 7.0.820200511171508: Pax Technology PAXSTORE v7.0.8_20200511171508 and lower is affected by incorrect access control that can lead to remote privilege escalation. | 8.1 |
2021-03-10 | CVE-2020-23722 | Authorization Bypass Through User-Controlled Key vulnerability in Thedaylightstudio Fuel CMS 1.4.7: An issue was discovered in FUEL CMS 1.4.7. | 8.8 |
2021-03-08 | CVE-2021-21324 | Authorization Bypass Through User-Controlled Key vulnerability in Glpi-Project Glpi: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. | 6.5 |
2021-03-02 | CVE-2021-21255 | Authorization Bypass Through User-Controlled Key vulnerability in Glpi-Project Glpi 9.5.3: GLPI is an open-source asset and IT management software package that provides ITIL Service Desk features, licenses tracking and software auditing. | 5.7 |
2021-02-23 | CVE-2020-8297 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Deck: Nextcloud Deck before 1.0.2 suffers from an insecure direct object reference (IDOR) vulnerability that permits users with a duplicate user identifier to access deck data of a previously deleted user. | 4.3 |
2021-02-11 | CVE-2021-21022 | Authorization Bypass Through User-Controlled Key vulnerability in Magento: Magento versions 2.4.1 (and earlier), 2.4.0-p1 (and earlier) and 2.3.6 (and earlier) are vulnerable to an insecure direct object reference (IDOR) in the product module. | 5.3 |
2021-02-09 | CVE-2020-13462 | Authorization Bypass Through User-Controlled Key vulnerability in Tufin Securetrack 18.1: Insecure Direct Object Reference (IDOR) exists in Tufin SecureChange, affecting all versions prior to R20-2 GA. | 5.7 |
2021-02-04 | CVE-2020-16194 | Authorization Bypass Through User-Controlled Key vulnerability in Store-Opart Quote: An Insecure Direct Object Reference (IDOR) vulnerability was found in Prestashop Opart devis < 4.0.2. | 5.3 |