Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-16 | CVE-2022-0775 | Incorrect Authorization vulnerability in Woocommerce. The WooCommerce WordPress plugin before 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments. | 4.3 |
2024-01-16 | CVE-2023-52111 | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos. Authorization vulnerability in the BootLoader module. | 7.5 |
2024-01-12 | CVE-2023-5356 | Incorrect Authorization vulnerability in Gitlab. Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, and all versions starting from 16.7 before 16.7.2 allow a user to abuse slack/mattermost integrations to execute slash commands as another user. | 8.8 |
2024-01-03 | CVE-2023-41779 | Incorrect Authorization vulnerability in ZTE Zxcloud Irai. There is an illegal memory access vulnerability in ZTE's ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with the common user permission, the physical machine will crash. | 5.5 |
2023-12-26 | CVE-2023-5644 | Incorrect Authorization vulnerability in Wpvibes WP Mail LOG. The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. | 7.6 |
2023-12-26 | CVE-2023-49949 | Incorrect Authorization vulnerability in Passwork 4.6.13/5.0.9. Passwork before 6.2.0 allows remote authenticated users to bypass 2FA by sending all one million of the possible 6-digit codes. | 8.1 |
2023-12-21 | CVE-2023-51379 | Incorrect Authorization vulnerability in Github Enterprise Server. An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be updated with an improperly scoped token. | 4.9 |
2023-12-21 | CVE-2023-51380 | Incorrect Authorization vulnerability in Github Enterprise Server. An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed issue comments to be read with an improperly scoped token. This vulnerability affected all versions of GitHub Enterprise Server since 3.7 and was fixed in versions 3.7.19, 3.8.12, 3.9.7, 3.10.4, and 3.11.1. | 4.3 |
2023-12-21 | CVE-2023-50732 | Incorrect Authorization vulnerability in Xwiki. XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 6.3 |
2023-12-20 | CVE-2023-50705 | Incorrect Authorization vulnerability in Efacec UC 500E Firmware 10.1.0. An attacker could create malicious requests to obtain sensitive information about the web server. | 5.3 |