Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-02-14 | CVE-2024-24966 | Incorrect Authorization vulnerability in F5 F5Os-A and F5Os-C. When LDAP remote authentication is configured on F5OS, a remote user without an assigned role will be incorrectly authorized. Note: Software versions which have reached End of Technical Support (EoTS) are not evaluated. | 5.5 |
2024-02-13 | CVE-2023-6152 | Incorrect Authorization vulnerability in Grafana. A user changing their email after signing up and verifying it can change it without verification in profile settings. The configuration option "verify_email_enabled" will only validate email on sign up. | 5.4 |
2024-02-13 | CVE-2024-24751 | Incorrect Authorization vulnerability in Derhansen Event Management and Registration 7.0.0. sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. | 8.8 |
2024-02-12 | CVE-2024-23833 | Incorrect Authorization vulnerability in Openrefine. OpenRefine is a free, open source power tool for working with messy data and improving it. | 7.5 |
2024-02-12 | CVE-2024-25108 | Incorrect Authorization vulnerability in Pixelfed. Pixelfed is an open source photo sharing platform. | 8.8 |
2024-02-12 | CVE-2023-6036 | Incorrect Authorization vulnerability in Miniorange Web3 - Crypto Wallet Login & NFT Token Gating. The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. | 9.8 |
2024-02-09 | CVE-2024-24774 | Incorrect Authorization vulnerability in Mattermost Server. Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription, resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. | 4.1 |
2024-02-07 | CVE-2024-24824 | Incorrect Authorization vulnerability in Graylog. Graylog is a free and open log management platform. | 8.8 |
2024-02-06 | CVE-2024-20828 | Incorrect Authorization vulnerability in Samsung Internet. Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. | 4.6 |
2024-02-05 | CVE-2023-6963 | Incorrect Authorization vulnerability in Motopress Getwid. The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. | 5.3 |