Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-01-03 CVE-2023-41779 Incorrect Authorization vulnerability in ZTE Zxcloud Irai Firmware
There is an illegal memory access vulnerability in ZTE's ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with common user permission, the physical machine will crash.
local
low complexity
zte CWE-863
5.5
2023-12-26 CVE-2023-5644 Incorrect Authorization vulnerability in Wpvibes WP Mail LOG
The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users.
network
low complexity
wpvibes CWE-863
7.6
2023-12-26 CVE-2023-49949 Incorrect Authorization vulnerability in Passwork 4.6.13/5.0.9
Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes.
network
low complexity
passwork CWE-863
8.1
2023-12-21 CVE-2023-51379 Incorrect Authorization vulnerability in Github Enterprise Server
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token.
network
low complexity
github CWE-863
4.9
2023-12-21 CVE-2023-51380 Incorrect Authorization vulnerability in Github Enterprise Server
An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in version 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1.
network
low complexity
github CWE-863
4.3
2023-12-21 CVE-2023-50732 Incorrect Authorization vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-863
6.3
2023-12-20 CVE-2023-50705 Incorrect Authorization vulnerability in Efacec UC 500E Firmware 10.1.0
An attacker could create malicious requests to obtain sensitive information about the web server.
network
low complexity
efacec CWE-863
5.3
2023-12-18 CVE-2023-6355 Incorrect Authorization vulnerability in Gallagher Controller 7000 Firmware
Incorrect selection of fuse values in the Controller 7000 platform allows an attacker to bypass some protection mechanisms to enable local debug.
low complexity
gallagher CWE-863
6.8
2023-12-12 CVE-2020-10676 Incorrect Authorization vulnerability in Suse Rancher
In Rancher 2.x before 2.6.13 and 2.7.x before 2.7.4, an incorrectly applied authorization check allows users who have certain access to a namespace to move that namespace to a different project.
network
low complexity
suse CWE-863
8.8
2023-12-12 CVE-2023-6542 Incorrect Authorization vulnerability in SAP Emarsys SDK 3.6.2
Due to lack of proper authorization checks in Emarsys SDK for Android, an attacker can call a particular activity and can forward himself web pages and/or deep links without any validation directly from the host application.
local
low complexity
sap CWE-863
7.1