Vulnerabilities > Improper Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-01-03 CVE-2021-3837 Improper Authorization vulnerability in Openwhyd
openwhyd is vulnerable to Improper Authorization.
network
openwhyd CWE-285
4.3
2021-12-21 CVE-2021-24739 Improper Authorization vulnerability in Shapedplugin Logo Carousel
The Logo Carousel WordPress plugin before 3.4.2 allows users with a role as low as Contributor to duplicate and view arbitrary private posts made by other users via the Carousel Duplication feature.
network
low complexity
shapedplugin CWE-285
5.5
2021-12-20 CVE-2021-43847 Improper Authorization vulnerability in Humhub
HumHub is an open-source social network kit written in PHP.
network
low complexity
humhub CWE-285
4.0
2021-11-19 CVE-2021-42338 Improper Authorization vulnerability in 4Mosan GCB Doctor
The 4MOSAn GCB Doctor login page improperly validates cookies, which allows an unauthenticated remote attacker to bypass authentication through code injection in the cookie, and to arbitrarily manipulate the system or interrupt services by uploading and executing arbitrary files.
network
low complexity
4mosan CWE-285
critical
10.0
2021-11-16 CVE-2021-42337 Improper Authorization vulnerability in Aifu Cashier Accounting Management System
The permission control of the AIFU cashier management salary query function can be bypassed: after obtaining a general user’s permission, a remote attacker can access account information, except passwords, by crafting URL parameters.
network
low complexity
aifu CWE-285
4.0
2021-11-04 CVE-2021-21693 Improper Authorization vulnerability in Jenkins
When creating temporary files, agent-to-controller access to create those files is only checked after they've been created in Jenkins 2.318 and earlier, LTS 2.303.2 and earlier.
network
low complexity
jenkins CWE-285
7.5
2021-10-19 CVE-2021-38486 Improper Authorization vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870
The cloud portal of InHand Networks IR615 Router versions 2.3.0.r4724 and 2.3.0.r4870 allows self-registration of the affected product without any requirement to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected.
6.0
2021-10-15 CVE-2021-42330 Improper Authorization vulnerability in Xinheinformation Xinhe Teaching Platform System V2021
The “Teacher Edit” function of ShinHer StudyOnline System does not perform authority control.
network
low complexity
xinheinformation CWE-285
5.5
2021-10-15 CVE-2021-42331 Improper Authorization vulnerability in Xinheinformation Xinhe Teaching Platform System V2021
The “Study Edit” function of ShinHer StudyOnline System does not perform permission control.
network
low complexity
xinheinformation CWE-285
5.5
2021-10-15 CVE-2021-42332 Improper Authorization vulnerability in Xinheinformation Xinhe Teaching Platform System V2021
The “List View” function of ShinHer StudyOnline System is not under authority control.
network
low complexity
xinheinformation CWE-285
4.0