Vulnerabilities > Incorrect Authorization

| DATE | CVE | VULNERABILITY TITLE | RISK |
|------|-----|---------------------|------|
| 2024-06-27 | CVE-2024-4011 | Incorrect Authorization vulnerability in GitLab. An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows a non-project member to promote key results to objectives. (network; low complexity; gitlab; CWE-863) | 4.3 |
| 2024-06-27 | CVE-2024-6323 | Incorrect Authorization vulnerability in GitLab. Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker to leak content of a private repository in a public project. (network; low complexity; gitlab; CWE-863) | 7.5 |
| 2024-06-24 | CVE-2024-38369 | Incorrect Authorization vulnerability in XWiki. XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. (network; low complexity; xwiki; CWE-863) | 4.3 |
| 2024-06-21 | CVE-2023-38389 | Incorrect Authorization vulnerability in Artbees Jupiter X Core. Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JupiterX Core: from n/a through 3.3.8. (network; low complexity; artbees; CWE-863) | critical 9.8 |
| 2024-06-21 | CVE-2024-1639 | Incorrect Authorization vulnerability in Wpexperts License Manager for WooCommerce. The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7. (network; low complexity; wpexperts; CWE-863) | 6.5 |
| 2024-06-18 | CVE-2024-5860 | Incorrect Authorization vulnerability in Tickera. The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8. (network; low complexity; tickera; CWE-863) | 4.3 |
| 2024-06-13 | CVE-2024-34130 | Incorrect Authorization vulnerability in Adobe Acrobat Reader 20.6.0/20.6.2/20.9.0. Acrobat Mobile Sign Android versions 24.4.2.33155 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. (local; low complexity; adobe; CWE-863) | 5.5 |
| 2024-06-13 | CVE-2024-34106 | Incorrect Authorization vulnerability in Adobe Commerce and Magento. Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. (network; low complexity; adobe; CWE-863) | 5.3 |
| 2024-06-10 | CVE-2024-27848 | Incorrect Authorization vulnerability in Apple iPadOS and macOS. This issue was addressed with improved permissions checking. (local; low complexity; apple; CWE-863) | 7.8 |
| 2024-06-08 | CVE-2024-4146 | Incorrect Authorization vulnerability in Lunary 1.2.13. In lunary-ai/lunary version v1.2.13, an improper authorization vulnerability exists that allows unauthorized users to access and manipulate projects within an organization they should not have access to. (network; low complexity; lunary; CWE-863) | critical 9.8 |