Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2025-03-21 | CVE-2025-24920 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8, 10.5.x <= 10.5.0 fail to restrict bookmark creation and updates in archived channels, which allows authenticated users to create or update bookmarks in archived channels. | 4.3 |
2025-03-21 | CVE-2025-27715 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost versions 9.11.x <= 9.11.8 fail to prompt for explicit approval before adding a team admin to a private channel, which allows team admins to join private channels via crafted permalink links without explicit consent from them. | 2.7 |
2025-03-21 | CVE-2025-27933 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce channel conversion restrictions, which allows members with permission to convert public channels to private ones to also convert private ones to public. | 4.3 |
2025-03-21 | CVE-2025-30179 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost versions 10.4.x <= 10.4.2, 10.3.x <= 10.3.3, 9.11.x <= 9.11.8 fail to enforce MFA on certain search APIs, which allows authenticated attackers to bypass MFA protections via user search, channel search, or team search queries. | 6.5 |
2025-02-19 | CVE-2025-27089 | Incorrect Authorization vulnerability in Monospace Directus. Directus is a real-time API and App dashboard for managing SQL database content. | 4.3 |
2025-02-19 | CVE-2024-45081 | IBM Cognos Controller 11.0.0 through 11.0.1 FP3 and IBM Controller 11.1.0 could allow an authenticated user to modify restricted content due to incorrect authorization checks. | 6.5 |
2025-02-11 | CVE-2025-24409 | Incorrect Authorization vulnerability in Adobe Commerce. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. | 9.1 |
2025-02-11 | CVE-2025-24434 | Incorrect Authorization vulnerability in Adobe Commerce and Commerce B2B. Adobe Commerce versions 2.4.8-beta1, 2.4.7-p3, 2.4.6-p8, 2.4.5-p10, 2.4.4-p11 and earlier are affected by an Incorrect Authorization vulnerability that could result in privilege escalation. | 9.1 |
2025-02-10 | CVE-2025-24200 | Incorrect Authorization vulnerability in Apple iPadOS. An authorization issue was addressed with improved state management. | 6.1 |
2025-01-26 | CVE-2023-50946 | Incorrect Authorization vulnerability in IBM Common Licensing 9.0.0. IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism. | 6.5 |