Vulnerabilities > Authorization Bypass Through User-Controlled Key

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2024-09-17 | CVE-2024-45606 | Authorization Bypass Through User-Controlled Key vulnerability in Sentry | Sentry is a developer-first error tracking and performance monitoring platform. | network; low complexity; sentry CWE-639; 4.3 |
| 2024-09-17 | CVE-2024-47047 | Authorization Bypass Through User-Controlled Key vulnerability in In2Code Powermail | An issue was discovered in the powermail extension through 12.4.0 for TYPO3. | network; low complexity; in2code CWE-639; 7.5 |
| 2024-09-16 | CVE-2024-46937 | Authorization Bypass Through User-Controlled Key vulnerability in Mfasoft Secure Authentication Server | An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. | network; low complexity; mfasoft CWE-639; 7.5 |
| 2024-09-14 | CVE-2022-3459 | Authorization Bypass Through User-Controlled Key vulnerability in Lilmonkee Woocommerce multiple Free Gift | The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. | network; low complexity; lilmonkee CWE-639; 5.3 |
| 2024-09-12 | CVE-2024-25270 | Authorization Bypass Through User-Controlled Key vulnerability in Mirapolis LMS | An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data. | network; low complexity; mirapolis CWE-639; 4.3 |
| 2024-09-12 | CVE-2024-3306 | Authorization Bypass Through User-Controlled Key vulnerability in Utarit Soliclub | Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. | network; low complexity; utarit CWE-639; 7.5 |
| 2024-09-11 | CVE-2024-27113 | Authorization Bypass Through User-Controlled Key vulnerability in Soplanning | An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. | network; low complexity; soplanning CWE-639; critical; 9.8 |
| 2024-09-11 | CVE-2024-45786 | Authorization Bypass Through User-Controlled Key vulnerability in Reedos Aim-Star 2.0.1 | This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on certain of its API endpoints. | network; low complexity; reedos CWE-639; 6.5 |
| 2024-09-10 | CVE-2023-44254 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager | An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request. | network; low complexity; fortinet CWE-639; 6.5 |
| 2024-09-06 | CVE-2024-8428 | Authorization Bypass Through User-Controlled Key vulnerability in Ultimatemember Forumwp | The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user-controlled key. | network; low complexity; ultimatemember CWE-639; 8.8 |