Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-12-17 CVE-2024-9654 The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4.
network
high complexity
CWE-863
3.7
2024-11-26 CVE-2024-11680 Incorrect Authorization vulnerability in Projectsend
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability.
network
low complexity
projectsend CWE-863
critical
9.8
2024-11-19 CVE-2023-21270 Incorrect Authorization vulnerability in Google Android 12.0/12.1/13.0
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update.
local
low complexity
google CWE-863
7.8
2024-11-18 CVE-2024-21287 Incorrect Authorization vulnerability in Oracle Agile Product Lifecycle Management 9.3.6
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension).
network
low complexity
oracle CWE-863
7.5
2024-11-18 CVE-2024-48897 Incorrect Authorization vulnerability in Moodle
A vulnerability was found in Moodle.
network
low complexity
moodle CWE-863
4.3
2024-11-18 CVE-2024-48901 Incorrect Authorization vulnerability in Moodle
A vulnerability was found in Moodle.
network
low complexity
moodle CWE-863
4.3
2024-11-14 CVE-2024-3379 Incorrect Authorization vulnerability in Lunary
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to.
network
low complexity
lunary CWE-863
8.1
2024-11-14 CVE-2022-31667 Incorrect Authorization vulnerability in Linuxfoundation Harbor
Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to.  By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions.
network
low complexity
linuxfoundation CWE-863
6.4
2024-11-14 CVE-2022-31668 Incorrect Authorization vulnerability in Linuxfoundation Harbor
Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects.
network
low complexity
linuxfoundation CWE-863
7.7
2024-11-14 CVE-2022-31669 Incorrect Authorization vulnerability in Linuxfoundation Harbor
Harbor fails to validate the user permissions when updating tag immutability policies.  By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects.
network
low complexity
linuxfoundation CWE-863
7.7