Vulnerabilities > Authorization Bypass Through User-Controlled Key

DATE CVE VULNERABILITY TITLE RISK
2024-10-29 CVE-2024-7473 Authorization Bypass Through User-Controlled Key vulnerability in Lunary 1.3.2
An IDOR vulnerability exists in the 'Evaluations' function of the 'umgws datasets' section in lunary-ai/lunary versions 1.3.2.
network
low complexity
lunary CWE-639
6.5
2024-10-29 CVE-2024-7474 Authorization Bypass Through User-Controlled Key vulnerability in Lunary
In version 1.3.2 of lunary-ai/lunary, an Insecure Direct Object Reference (IDOR) vulnerability exists.
network
low complexity
lunary CWE-639
8.1
2024-10-28 CVE-2024-50483 Authorization Bypass Through User-Controlled Key vulnerability in Tareqhasan Meetup
Authorization Bypass Through User-Controlled Key vulnerability in Meetup allows Privilege Escalation. This issue affects Meetup: from n/a through 0.1.
network
low complexity
tareqhasan CWE-639
critical
9.8
2024-10-28 CVE-2024-10439 Authorization Bypass Through User-Controlled Key vulnerability in Sun.Net Ehdr Ctms
The eHRD CTMS from Sunnet has an Insecure Direct Object Reference (IDOR) vulnerability, allowing unauthenticated remote attackers to modify a specific parameter to access arbitrary files uploaded by any user.
network
low complexity
sun-net CWE-639
7.5
2024-10-26 CVE-2024-9637 The School Management System – WPSchoolPress plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 2.2.10.
network
low complexity
CWE-639
8.8
2024-10-18 CVE-2024-10121 Authorization Bypass Through User-Controlled Key vulnerability in Riskengine Radar
A vulnerability was found in wfh45678 Radar up to 1.0.8 and classified as critical.
network
low complexity
riskengine CWE-639
critical
9.8
2024-10-17 CVE-2024-9215 The Co-Authors, Multiple Authors and Guest Authors in an Author Box with PublishPress Authors plugin for WordPress is vulnerable to Insecure Direct Object Reference to Privilege Escalation/Account Takeover in all versions up to, and including, 4.7.1 via the action_edited_author() due to missing validation on the 'authors-user_id' user controlled key.
network
low complexity
CWE-639
8.8
2024-10-17 CVE-2024-9862 The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 3.6.0.
network
low complexity
CWE-639
critical
9.8
2024-10-16 CVE-2023-7286 The plugin ACF Quick Edit Fields for WordPress is vulnerable to Insecure Direct Object Reference in versions up to, and including, 3.2.2.
network
low complexity
CWE-639
6.5
2024-10-15 CVE-2024-49388 Authorization Bypass Through User-Controlled Key vulnerability in Acronis Cyber Protect 16
Sensitive information manipulation due to improper authorization.
network
low complexity
acronis CWE-639
critical
9.1