Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-20 | CVE-2023-5509 | Incorrect Authorization vulnerability in Premio Mystickymenu The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. | 5.4 |
| 2023-11-20 | CVE-2023-5799 | Incorrect Authorization vulnerability in Thimpress WP Hotel Booking The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them | 5.4 |
| 2023-11-07 | CVE-2023-46244 | Incorrect Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |
| 2023-11-07 | CVE-2023-42541 | Incorrect Authorization vulnerability in Samsung Push Service Improper authorization in PushClientProvider of Samsung Push Service prior to version 3.4.10 allows attacker to access unique id. | 5.3 |
| 2023-11-06 | CVE-2023-5352 | Incorrect Authorization vulnerability in Getawesomesupport Awesome Support The Awesome Support WordPress plugin before 6.1.5 does not correctly authorize the wpas_edit_reply function, allowing users to edit posts for which they do not have permission. | 4.3 |
| 2023-11-01 | CVE-2023-20048 | Incorrect Authorization vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web services interface of Cisco Firepower Management Center (FMC) Software could allow an authenticated, remote attacker to execute certain unauthorized configuration commands on a Firepower Threat Defense (FTD) device that is managed by the FMC Software. | 9.9 |
| 2023-10-31 | CVE-2023-22518 | Incorrect Authorization vulnerability in Atlassian Confluence Data Center All versions of Confluence Data Center and Server are affected by this unexploited vulnerability. | 9.8 |
| 2023-10-31 | CVE-2023-45899 | Incorrect Authorization vulnerability in Idnovate Superuser 2.3.5 An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call. | 7.5 |
| 2023-10-30 | CVE-2023-21390 | Incorrect Authorization vulnerability in Google Android In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. | 7.8 |
| 2023-10-30 | CVE-2023-21311 | Incorrect Authorization vulnerability in Google Android In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. | 5.5 |