Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-24 | CVE-2023-48712 | Incorrect Authorization vulnerability in Warpgate Project Warpgate Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. | 8.8 |
| 2023-11-20 | CVE-2023-48309 | Incorrect Authorization vulnerability in Nextauth.Js Next-Auth NextAuth.js provides authentication for Next.js. | 5.3 |
| 2023-11-20 | CVE-2023-5509 | Incorrect Authorization vulnerability in Premio Mystickymenu The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. | 5.4 |
| 2023-11-20 | CVE-2023-5799 | Incorrect Authorization vulnerability in Thimpress WP Hotel Booking The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them | 5.4 |
| 2023-11-20 | CVE-2023-48218 | Incorrect Authorization vulnerability in Strapi Protected Populate The Strapi Protected Populate Plugin protects `get` endpoints from revealing too much information. | 5.3 |
| 2023-11-20 | CVE-2023-3379 | Incorrect Authorization vulnerability in Wago products Wago web-based management of multiple products has a vulnerability which allows an local authenticated attacker to change the passwords of other non-admin users and thus to escalate non-root privileges. | 5.3 |
| 2023-11-14 | CVE-2022-40681 | Incorrect Authorization vulnerability in Fortinet Forticlient A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacker to cause denial of service via sending a crafted request to a specific named pipe. | 7.1 |
| 2023-11-14 | CVE-2023-31403 | Incorrect Authorization vulnerability in SAP Business ONE 10.0 SAP Business One installation - version 10.0, does not perform proper authentication and authorization checks for SMB shared folder. | 8.0 |
| 2023-11-12 | CVE-2023-47037 | Incorrect Authorization vulnerability in Apache Airflow We failed to apply CVE-2023-40611 in 2.7.1 and this vulnerability was marked as fixed then. Apache Airflow, versions before 2.7.3, is affected by a vulnerability that allows authenticated and DAG-view authorized Users to modify some DAG run detail values when submitting notes. | 4.3 |
| 2023-11-07 | CVE-2023-46244 | Incorrect Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |