Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-12-17 | CVE-2024-9654 | The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4. | 3.7 |
2024-11-26 | CVE-2024-11680 | Incorrect Authorization vulnerability in Projectsend ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability. | 9.8 |
2024-11-19 | CVE-2023-21270 | Incorrect Authorization vulnerability in Google Android 12.0/12.1/13.0 In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update. | 7.8 |
2024-11-18 | CVE-2024-21287 | Incorrect Authorization vulnerability in Oracle Agile Product Lifecycle Management 9.3.6 Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension). | 7.5 |
2024-11-18 | CVE-2024-48897 | Incorrect Authorization vulnerability in Moodle A vulnerability was found in Moodle. | 4.3 |
2024-11-18 | CVE-2024-48901 | Incorrect Authorization vulnerability in Moodle A vulnerability was found in Moodle. | 4.3 |
2024-11-14 | CVE-2024-3379 | Incorrect Authorization vulnerability in Lunary In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to. | 8.1 |
2024-11-14 | CVE-2022-31667 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and robot account name that belongs to a different project that the user doesn’t have access to, it was possible to revoke the robot account permissions. | 6.4 |
2024-11-14 | CVE-2022-31668 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could modify p2p preheat policies configured in other projects. | 7.7 |
2024-11-14 | CVE-2022-31669 | Incorrect Authorization vulnerability in Linuxfoundation Harbor Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker could modify tag immutability policies configured in other projects. | 7.7 |