Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-17 | CVE-2024-45606 | Authorization Bypass Through User-Controlled Key vulnerability in Sentry. Sentry is a developer-first error tracking and performance monitoring platform. | 4.3 |
2024-09-17 | CVE-2024-47047 | Authorization Bypass Through User-Controlled Key vulnerability in In2Code Powermail. An issue was discovered in the powermail extension through 12.4.0 for TYPO3. | 7.5 |
2024-09-16 | CVE-2024-46937 | Authorization Bypass Through User-Controlled Key vulnerability in Mfasoft Secure Authentication Server. An improper access control (IDOR) vulnerability in the /api-selfportal/get-info-token-properties endpoint in MFASOFT Secure Authentication Server (SAS) 1.8.x through 1.9.x before 1.9.040924 allows remote attackers to gain access to user tokens without authentication. | 7.5 |
2024-09-14 | CVE-2022-3459 | Authorization Bypass Through User-Controlled Key vulnerability in Lilmonkee Woocommerce multiple Free Gift. The WooCommerce Multiple Free Gift plugin for WordPress is vulnerable to gift manipulation in all versions up to, and including, 1.2.3. | 5.3 |
2024-09-12 | CVE-2024-25270 | Authorization Bypass Through User-Controlled Key vulnerability in Mirapolis LMS. An issue in Mirapolis LMS 4.6.XX allows authenticated users to exploit an Insecure Direct Object Reference (IDOR) vulnerability by manipulating the ID parameter and increment STEP parameter, leading to the exposure of sensitive user data. | 4.3 |
2024-09-12 | CVE-2024-3306 | Authorization Bypass Through User-Controlled Key vulnerability in Utarit Soliclub. Authorization Bypass Through User-Controlled Key vulnerability in Utarit Information SoliClub allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android. | 7.5 |
2024-09-11 | CVE-2024-27113 | Authorization Bypass Through User-Controlled Key vulnerability in Soplanning. An unauthenticated Insecure Direct Object Reference (IDOR) to the database has been found in the SO Planning tool that occurs when the public view setting is enabled. | 9.8 |
2024-09-11 | CVE-2024-45786 | Authorization Bypass Through User-Controlled Key vulnerability in Reedos Aim-Star 2.0.1. This vulnerability exists in Reedos aiM-Star version 2.0.1 due to improper access controls on certain of its API endpoints. | 6.5 |
2024-09-10 | CVE-2023-44254 | Authorization Bypass Through User-Controlled Key vulnerability in Fortinet Fortianalyzer and Fortimanager. An authorization bypass through user-controlled key [CWE-639] vulnerability in FortiAnalyzer version 7.4.1 and before 7.2.5 and FortiManager version 7.4.1 and before 7.2.5 may allow a remote attacker with low privileges to read sensitive data via a crafted HTTP request. | 6.5 |
2024-09-06 | CVE-2024-8428 | Authorization Bypass Through User-Controlled Key vulnerability in Ultimatemember Forumwp. The ForumWP – Forum & Discussion Board Plugin plugin for WordPress is vulnerable to Privilege Escalation via Insecure Direct Object Reference in all versions up to, and including, 2.0.2 via the submit_form_handler due to missing validation on the 'user_id' user-controlled key. | 8.8 |