Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-08-30 CVE-2024-38868 Incorrect Authorization vulnerability in Zohocorp Manageengine Endpoint Central
Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15
network
low complexity
zohocorp CWE-863
8.3
2024-08-29 CVE-2024-41964 Incorrect Authorization vulnerability in Getkirby Kirby
Kirby is a CMS targeting designers and editors.
network
low complexity
getkirby CWE-863
8.1
2024-08-29 CVE-2024-43954 Incorrect Authorization vulnerability in Themeum Droip
Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1.
network
low complexity
themeum CWE-863
6.3
2024-08-25 CVE-2024-8011 Incorrect Authorization vulnerability in Logitech Options+
Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera.
local
low complexity
logitech CWE-863
5.5
2024-08-22 CVE-2024-3127 Incorrect Authorization vulnerability in Gitlab
An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1.
network
low complexity
gitlab CWE-863
4.3
2024-08-22 CVE-2024-7836 Incorrect Authorization vulnerability in Themify Builder
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1.
network
low complexity
themify CWE-863
4.3
2024-08-21 CVE-2024-7604 Incorrect Authorization vulnerability in Logsign Unified Secops Platform 6.4.20
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability.
local
low complexity
logsign CWE-863
7.8
2024-08-20 CVE-2024-6337 Incorrect Authorization vulnerability in Github Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository.
network
low complexity
github CWE-863
6.5
2024-08-20 CVE-2024-7711 Incorrect Authorization vulnerability in Github Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository.
network
low complexity
github CWE-863
4.3
2024-08-20 CVE-2024-39690 Incorrect Authorization vulnerability in Projectcapsule Capsule
Capsule is a multi-tenancy and policy-based framework for Kubernetes.
network
low complexity
projectcapsule CWE-863
8.8