Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-12-19 | CVE-2023-49812 | Authorization Bypass Through User-Controlled Key vulnerability in Wppa WP Photo Album Plus: Authorization Bypass Through User-Controlled Key vulnerability in J.N. | 7.5 |
2023-12-12 | CVE-2023-46701 | Authorization Bypass Through User-Controlled Key vulnerability in Mattermost Server: Mattermost fails to perform authorization checks in the /plugins/playbooks/api/v0/runs/add-to-timeline-dialog endpoint of the Playbooks plugin, allowing an attacker to get limited information about a post if they know the post ID. | 5.3 |
2023-12-12 | CVE-2023-48641 | Authorization Bypass Through User-Controlled Key vulnerability in Archerirm Archer: Archer Platform 6.x before 6.14 P1 HF2 (6.14.0.1.2) contains an insecure direct object reference vulnerability. | 8.8 |
2023-11-30 | CVE-2023-6341 | Authorization Bypass Through User-Controlled Key vulnerability in Catalisgov Cms360: Catalis (previously Icon Software) CMS360 allows a remote, unauthenticated attacker to view sensitive court documents by modifying document and other identifiers in URLs. | 5.3 |
2023-11-28 | CVE-2023-6226 | Authorization Bypass Through User-Controlled Key vulnerability in Getshortcodes Shortcodes Ultimate: The WP Shortcodes Plugin — Shortcodes Ultimate plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 5.13.3 via the su_meta shortcode due to missing validation on the user-controlled keys 'key' and 'post_id'. | 4.3 |
2023-11-24 | CVE-2023-49298 | Authorization Bypass Through User-Controlled Key vulnerability in Openzfs: OpenZFS through 2.1.13 and 2.2.x through 2.2.1, in certain scenarios involving applications that try to rely on efficient copying of file data, can replace file contents with zero-valued bytes and thus potentially disable security mechanisms. | 7.5 |
2023-11-24 | CVE-2023-33706 | Authorization Bypass Through User-Controlled Key vulnerability in Sysaid: SysAid before 23.2.15 allows Indirect Object Reference (IDOR) attacks to read ticket data via a modified sid parameter to EmailHtmlSourceIframe.jsp or a modified srID parameter to ShowMessage.jsp. | 6.5 |
2023-11-22 | CVE-2023-47316 | Authorization Bypass Through User-Controlled Key vulnerability in H-Mdm Headwind MDM 5.22.1: Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control. | 5.4 |
2023-11-21 | CVE-2023-48304 | Authorization Bypass Through User-Controlled Key vulnerability in Nextcloud Server: Nextcloud Server provides data storage for Nextcloud, an open source cloud platform. | 4.3 |
2023-11-21 | CVE-2023-6144 | Authorization Bypass Through User-Controlled Key vulnerability in Armanidrisi DEV Blog 1.0: Dev blog v1.0 allows an account takeover through the "user" cookie. | 4.8 |