Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2025-06-03 | CVE-2025-21479 | Incorrect Authorization vulnerability in Qualcomm products Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. | 8.6 |
| 2025-06-03 | CVE-2025-21480 | Incorrect Authorization vulnerability in Qualcomm products Memory corruption due to unauthorized command execution in GPU micronode while executing specific sequence of commands. | 8.6 |
| 2025-05-28 | CVE-2025-25251 | An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may allow a local attacker to escalate privileges via crafted XPC messages. | 7.8 |
| 2025-05-28 | CVE-2025-25026 | Incorrect Authorization vulnerability in IBM Security Guardium 12.0 IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check. | 4.3 |
| 2025-05-21 | CVE-2025-20257 | A vulnerability in an API subsystem of Cisco Secure Network Analytics Manager and Cisco Secure Network Analytics Virtual Manager could allow an authenticated, remote attacker with low privileges to generate fraudulent findings that are used to generate alarms and alerts on an affected product. Thi vulnerability is due to insufficient authorization enforcement on a specific API. | 6.5 |
| 2025-05-17 | CVE-2025-4101 | Incorrect Authorization vulnerability in Multivendorx The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in all versions up to, and including, 4.2.22. | 4.3 |
| 2025-05-13 | CVE-2025-43561 | Incorrect Authorization vulnerability in Adobe Coldfusion 2021/2023/2025 ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code execution in the context of the current user. | 9.1 |
| 2025-05-13 | CVE-2025-43564 | Incorrect Authorization vulnerability in Adobe Coldfusion 2021/2023/2025 ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Improper Access Control vulnerability that could result in arbitrary file system read. | 7.2 |
| 2025-05-13 | CVE-2025-43565 | Incorrect Authorization vulnerability in Adobe Coldfusion 2021/2023/2025 ColdFusion versions 2025.1, 2023.13, 2021.19 and earlier are affected by an Incorrect Authorization vulnerability that could lead to arbitrary code execution in the context of the current user. | 8.4 |
| 2025-05-06 | CVE-2025-3609 | The Reales WP STPT plugin for WordPress is vulnerable to unauthorized user registration in all versions up to, and including, 2.1.2. | 5.3 |