Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-07-16 | CVE-2024-5816 | Incorrect Authorization vulnerability in Github Enterprise Server An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a suspended GitHub App to retain access to the repository via a scoped user access token. | 5.3 |
| 2024-07-16 | CVE-2024-5817 | Incorrect Authorization vulnerability in Github Enterprise Server An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed read access to issue content via GitHub Projects. | 6.5 |
| 2024-07-05 | CVE-2024-39696 | Incorrect Authorization vulnerability in Evmos Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos Network. | 8.1 |
| 2024-07-02 | CVE-2024-39324 | Incorrect Authorization vulnerability in Aimeos Ai-Admin-Graphql aimeos/ai-admin-graphql is the Aimeos GraphQL API admin interface. | 3.8 |
| 2024-06-28 | CVE-2024-39352 | Incorrect Authorization vulnerability in Synology Bc500 Firmware and Tc500 Firmware A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. | 4.9 |
| 2024-06-27 | CVE-2024-4011 | Incorrect Authorization vulnerability in Gitlab An issue was discovered in GitLab CE/EE affecting all versions starting from 16.1 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows non-project member to promote key results to objectives. | 4.3 |
| 2024-06-27 | CVE-2024-6323 | Incorrect Authorization vulnerability in Gitlab Improper authorization in global search in GitLab EE affecting all versions from 16.11 prior to 16.11.5 and 17.0 prior to 17.0.3 and 17.1 prior to 17.1.1 allows an attacker leak content of a private repository in a public project. | 7.5 |
| 2024-06-24 | CVE-2024-38369 | Incorrect Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 4.3 |
| 2024-06-13 | CVE-2024-2098 | Incorrect Authorization vulnerability in W3Eden Download Manager The Download Manager plugin for WordPress is vulnerable to unauthorized access of data due to an improper authorization check on the 'protectMediaLibrary' function in all versions up to, and including, 3.2.89. | 7.5 |
| 2024-06-11 | CVE-2024-31402 | Incorrect Authorization vulnerability in Cybozu Garoon Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared To-Dos. | 4.3 |