Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-15 | CVE-2024-6534 | Authorization Bypass Through User-Controlled Key vulnerability in Monospace Directus 10.13.0: Directus v10.13.0 allows an authenticated external attacker to modify presets created by the same user to assign them to another user. | 4.3 |
2024-08-12 | CVE-2024-7658 | Authorization Bypass Through User-Controlled Key vulnerability in Projectsend: A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. | 5.3 |
2024-08-08 | CVE-2024-3035 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab: A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories. | 8.1 |
2024-08-06 | CVE-2024-6357 | Authorization Bypass Through User-Controlled Key vulnerability in Opentext Arcsight Intelligence: Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. | 8.8 |
2024-08-03 | CVE-2024-7438 | Authorization Bypass Through User-Controlled Key vulnerability in Simplemachines Simple Machines Forum 2.1.4: A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. | 4.3 |
2024-08-03 | CVE-2024-7437 | Authorization Bypass Through User-Controlled Key vulnerability in Simplemachines Simple Machines Forum 2.1.4: A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. | 4.3 |
2024-07-22 | CVE-2024-38701 | Authorization Bypass Through User-Controlled Key vulnerability in Kodezen Academy LMS: Authorization Bypass Through User-Controlled Key vulnerability in Academy LMS. This issue affects Academy LMS: from n/a through 2.0.4. | 8.8 |
2024-07-22 | CVE-2024-34457 | Authorization Bypass Through User-Controlled Key vulnerability in Apache Streampark: On versions before 2.1.4, after a regular user successfully logs in, they can manually make a request using the authorization token to view everyone's user flink information, including executeSQL and config. Mitigation: all users should upgrade to 2.1.4. | 6.5 |
2024-07-19 | CVE-2024-5977 | Authorization Bypass Through User-Controlled Key vulnerability in Givewp: The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. | 5.4 |
2024-07-18 | CVE-2024-5619 | Authorization Bypass Through User-Controlled Key vulnerability in PruvaSoft Informatics Apinizer Management Console allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apinizer Management Console: before 2024.05.1. | 9.6 |