Vulnerabilities > Authorization Bypass Through User-Controlled Key
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-08-12 | CVE-2024-7658 | Authorization Bypass Through User-Controlled Key vulnerability in Projectsend. A vulnerability, which was classified as problematic, has been found in projectsend up to r1605. | 5.3 |
2024-08-08 | CVE-2024-3035 | Authorization Bypass Through User-Controlled Key vulnerability in Gitlab. A permission check vulnerability in GitLab CE/EE affecting all versions starting from 8.12 prior to 17.0.6, 17.1 prior to 17.1.4, and 17.2 prior to 17.2.2 allowed for LFS tokens to read and write to the user owned repositories. | 8.1 |
2024-08-06 | CVE-2024-6357 | Authorization Bypass Through User-Controlled Key vulnerability in Opentext Arcsight Intelligence. Insecure Direct Object Reference vulnerability identified in OpenText ArcSight Intelligence. | 8.8 |
2024-08-03 | CVE-2024-7438 | Authorization Bypass Through User-Controlled Key vulnerability in Simplemachines Simple Machines Forum 2.1.4. A vulnerability has been found in SimpleMachines SMF 2.1.4 and classified as problematic. | 4.3 |
2024-08-03 | CVE-2024-7437 | Authorization Bypass Through User-Controlled Key vulnerability in Simplemachines Simple Machines Forum 2.1.4. A vulnerability, which was classified as critical, was found in SimpleMachines SMF 2.1.4. | 4.3 |
2024-07-19 | CVE-2024-5977 | Authorization Bypass Through User-Controlled Key vulnerability in Givewp. The GiveWP – Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 3.13.0 via the 'handleRequest' function due to missing validation on a user controlled key. | 5.4 |
2024-07-09 | CVE-2024-39900 | Authorization Bypass Through User-Controlled Key vulnerability in Opensearch Observability. OpenSearch Dashboards Reports allows a ‘Report Owner’ to export and share reports from OpenSearch Dashboards. | 5.4 |
2024-07-09 | CVE-2024-39901 | Authorization Bypass Through User-Controlled Key vulnerability in Opensearch Observability. OpenSearch Observability is a collection of plugins and applications that visualize data-driven events. | 5.4 |
2024-07-09 | CVE-2023-38047 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments. A BOLA vulnerability in GET, PUT, DELETE /categories/{categoryId} allows a low privileged user to fetch, modify or delete the category of any user (including admin). | 8.1 |
2024-07-09 | CVE-2023-38048 | Authorization Bypass Through User-Controlled Key vulnerability in Easyappointments. A BOLA vulnerability in GET, PUT, DELETE /providers/{providerId} allows a low privileged user to fetch, modify or delete a privileged user (provider). | 8.1 |