Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-02-12 | CVE-2024-25108 | Incorrect Authorization vulnerability in Pixelfed Pixelfed is an open source photo sharing platform. | 8.8 |
| 2024-02-12 | CVE-2023-6036 | Incorrect Authorization vulnerability in Miniorange Web3 - Crypto Wallet Login & NFT Token Gating The Web3 WordPress plugin before 3.0.0 is vulnerable to an authentication bypass due to incorrect authentication checking in the login flow in functions 'handle_auth_request' and 'hadle_login_request'. | 9.8 |
| 2024-02-09 | CVE-2024-24774 | Incorrect Authorization vulnerability in Mattermost Server Mattermost Jira Plugin handling subscriptions fails to check the security level of an incoming issue or limit it based on the user who created the subscription resulting in registered users on Jira being able to create webhooks that give them access to all Jira issues. | 4.1 |
| 2024-02-07 | CVE-2024-24824 | Incorrect Authorization vulnerability in Graylog Graylog is a free and open log management platform. | 8.8 |
| 2024-02-06 | CVE-2024-20828 | Incorrect Authorization vulnerability in Samsung Internet Improper authorization verification vulnerability in Samsung Internet prior to version 24.0 allows physical attackers to access files downloaded in SecretMode without proper authentication. | 4.6 |
| 2024-02-05 | CVE-2023-6963 | Incorrect Authorization vulnerability in Motopress Getwid The Getwid – Gutenberg Blocks plugin for WordPress is vulnerable to CAPTCHA Bypass in versions up to, and including, 2.0.4. | 5.3 |
| 2024-02-02 | CVE-2023-32967 | Incorrect Authorization vulnerability in Qnap QTS and Qutscloud An incorrect authorization vulnerability has been reported to affect several QNAP operating system versions. | 6.5 |
| 2024-01-31 | CVE-2024-24573 | Incorrect Authorization vulnerability in Facilemanager facileManager is a modular suite of web apps built with the sysadmin in mind. | 8.8 |
| 2024-01-30 | CVE-2024-22938 | Incorrect Authorization vulnerability in Bosscms 1.3.0 Insecure Permissions vulnerability in BossCMS v.1.3.0 allows a local attacker to execute arbitrary code and escalate privileges via the init function in admin.class.php component. | 7.8 |
| 2024-01-22 | CVE-2024-23675 | Incorrect Authorization vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). | 6.5 |