Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-06-27 CVE-2024-4011 Incorrect Authorization vulnerability in Gitlab
An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives.
network
low complexity
gitlab CWE-863
4.3
2024-06-27 CVE-2024-6323 Incorrect Authorization vulnerability in Gitlab
Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project.
network
low complexity
gitlab CWE-863
7.5
2024-06-24 CVE-2024-38369 Incorrect Authorization vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-863
4.3
2024-06-21 CVE-2023-38389 Incorrect Authorization vulnerability in Artbees Jupiter X Core
Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects JupiterX Core: from n/a through 3.3.8.
network
low complexity
artbees CWE-863
critical
9.8
2024-06-21 CVE-2024-1639 Incorrect Authorization vulnerability in Wpexperts License Manager for Woocommerce
The License Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on the showLicenseKey() and showAllLicenseKeys() functions in all versions up to, and including, 3.0.7.
network
low complexity
wpexperts CWE-863
6.5
2024-06-18 CVE-2024-5860 Incorrect Authorization vulnerability in Tickera
The Tickera – WordPress Event Ticketing plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the tc_dl_delete_tickets AJAX action in all versions up to, and including, 3.5.2.8.
network
low complexity
tickera CWE-863
4.3
2024-06-13 CVE-2024-34106 Incorrect Authorization vulnerability in Adobe Commerce and Magento
Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass.
network
low complexity
adobe CWE-863
5.3
2024-06-10 CVE-2024-27848 Incorrect Authorization vulnerability in Apple Ipados and Macos
This issue was addressed with improved permissions checking.
local
low complexity
apple CWE-863
7.8
2024-06-05 CVE-2024-23669 Incorrect Authorization vulnerability in Fortinet Fortiwebmanager
An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.
network
low complexity
fortinet CWE-863
8.8
2024-05-18 CVE-2024-3745 MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.
local
low complexity
CWE-863
7.8