| 2024-11-18 | CVE-2020-3539 | A vulnerability in the web-based management interface of Cisco Data Center Network Manager (DCNM) could allow an authenticated, remote attacker to view, modify, and delete data without proper authorization. The vulnerability is due to a failure to limit access to resources that are intended for users with Administrator privileges. | 6.3 |
| 2024-10-25 | CVE-2024-9235 | Improper Authorization vulnerability in Mapster WP Maps
The Mapster WP Maps plugin for WordPress is vulnerable to unauthorized modification of data that can lead to privilege escalation due to an insufficient capability check on the mapster_wp_maps_set_option_from_js() function in all versions up to, and including, 1.5.0. | 8.8 |
| 2024-10-24 | CVE-2024-9531 | The MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mvx_sent_deactivation_request' function in all versions up to, and including, 4.2.4. | 4.3 |
| 2024-10-16 | CVE-2020-36841 | The WooCommerce Smart Coupons plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the woocommerce_coupon_admin_init function in versions up to, and including, 4.6.0. | 5.3 |
| 2024-09-09 | CVE-2024-7015 | Improper Authorization vulnerability in Profelis Passbox
Improper Authentication, Missing Authentication for Critical Function, Improper Authorization vulnerability in Profelis Informatics and Consulting PassBox allows Authentication Abuse.This issue affects PassBox: before v1.2. | 9.8 |
| 2024-08-07 | CVE-2024-7578 | Improper Authorization vulnerability in Alientechnology Alr-F800 Firmware
A vulnerability was found in Alien Technology ALR-F800 up to 19.10.24.00. | 9.8 |
| 2024-06-13 | CVE-2024-34104 | Improper Authorization vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. | 8.2 |
| 2024-05-01 | CVE-2023-47166 | A firmware update vulnerability exists in the luci2-io file-import functionality of Milesight UR32L v32.3.0.7-r2. | 8.8 |
| 2024-03-12 | CVE-2024-21761 | Improper Authorization vulnerability in Fortinet Fortiportal
An improper authorization vulnerability [CWE-285] in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload. | 4.3 |
| 2024-02-07 | CVE-2024-23806 | Improper Authorization vulnerability in Hidglobal products
Sensitive data can be extracted from HID iCLASS SE reader configuration cards. | 5.3 |