Vulnerabilities > Incorrect Authorization

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | VECTOR | COMPLEXITY | VENDOR | CWE | RISK |
|---|---|---|---|---|---|---|---|---|
| 2022-11-29 | CVE-2022-4036 | Incorrect Authorization vulnerability in Dwbooster Appointment Hour Booking | The Appointment Hour Booking plugin for WordPress is vulnerable to CAPTCHA bypass in versions up to, and including, 1.3.72. | network | low complexity | dwbooster | CWE-863 | 5.3 |
| 2022-11-28 | CVE-2022-24189 | Incorrect Authorization vulnerability in Sz-Fujia Ourphoto 1.4.1 | The user_token authorization header on the Ourphoto App version 1.4.1 /apiv1/* end-points is not implemented properly. | network | low complexity | sz-fujia | CWE-863 | 6.5 |
| 2022-11-22 | CVE-2022-41326 | Incorrect Authorization vulnerability in Mitel Micollab | The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to improper authorization controls. | network | low complexity | mitel | CWE-863 | critical 9.8 |
| 2022-11-19 | CVE-2022-41155 | Incorrect Authorization vulnerability in Webence IQ Block Country | Block BYPASS vulnerability in iQ Block Country plugin <= 1.2.18 on WordPress. | network | low complexity | webence | CWE-863 | critical 9.8 |
| 2022-11-18 | CVE-2022-34827 | Incorrect Authorization vulnerability in Carel Boss Mini Firmware 1.5.0 | Carel Boss Mini 1.5.0 has Improper Access Control. | network | low complexity | carel | CWE-863 | critical 9.9 |
| 2022-11-18 | CVE-2022-40216 | Incorrect Authorization vulnerability in Wordplus Better Messages | Auth. | network | low complexity | wordplus | CWE-863 | 6.5 |
| 2022-11-17 | CVE-2022-36785 | Incorrect Authorization vulnerability in Dlink G Integrated Access Device4 Firmware 1.0 | D-Link – G integrated Access Device4 Information Disclosure & Authorization Bypass. | network | low complexity | dlink | CWE-863 | 7.5 |
| 2022-11-17 | CVE-2022-42903 | Incorrect Authorization vulnerability in Zohocorp Manageengine Supportcenter Plus 11.0 | Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list. | local | low complexity | zohocorp | CWE-863 | 3.3 |
| 2022-11-16 | CVE-2022-4014 | Incorrect Authorization vulnerability in Feehi Feehicms | A vulnerability, which was classified as problematic, has been found in FeehiCMS. | network | low complexity | feehi | CWE-863 | 4.3 |
| 2022-11-15 | CVE-2022-41918 | Incorrect Authorization vulnerability in Amazon Opensearch 2.0.0/2.0.1/2.1.0 | OpenSearch is a community-driven, open source fork of Elasticsearch and Kibana. | network | low complexity | amazon | CWE-863 | critical 9.8 |