Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-02-09 CVE-2024-24774 Incorrect Authorization vulnerability in Mattermost Server 5.23.0
Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues.
network
low complexity
mattermost CWE-863
4.1
2024-02-07 CVE-2024-24824 Incorrect Authorization vulnerability in Graylog
Graylog is a free and open log management platform.
network
low complexity
graylog CWE-863
8.8
2024-02-06 CVE-2024-20828 Incorrect Authorization vulnerability in Samsung Internet
Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication.
low complexity
samsung CWE-863
4.6
2024-02-05 CVE-2023-6963 Incorrect Authorization vulnerability in Motopress Getwid - Gutenberg Blocks 1.8.3/2.0.3
The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4.
network
low complexity
motopress CWE-863
5.3
2024-02-05 CVE-2024-22208 Incorrect Authorization vulnerability in PHPmyfaq
phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases.
network
low complexity
phpmyfaq CWE-863
6.5
2024-02-02 CVE-2023-32967 Incorrect Authorization vulnerability in Qnap QTS and Qutscloud
An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions.
network
low complexity
qnap CWE-863
6.5
2024-01-31 CVE-2024-24573 Incorrect Authorization vulnerability in Facilemanager
facileManager is a modular suite of web apps built with the sysadmin in mind.
network
low complexity
facilemanager CWE-863
8.8
2024-01-31 CVE-2024-23653 Incorrect Authorization vulnerability in Mobyproject Buildkit
BuildKit is a toolkit for converting source code to build artifacts in an efficient, expressive and repeatable manner.
network
low complexity
mobyproject CWE-863
critical
9.8
2024-01-30 CVE-2024-22938 Incorrect Authorization vulnerability in Bosscms 1.3.0
Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component.
local
low complexity
bosscms CWE-863
7.8
2024-01-23 CVE-2023-44401 Incorrect Authorization vulnerability in Silverstripe Graphql
The Silverstripe CMS GraphQL Server serves Silverstripe data as GraphQL representations.
network
low complexity
silverstripe CWE-863
5.3