Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-12-06 | CVE-2023-49239 | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos Unauthorized access vulnerability in the card management module. | 7.5 |
| 2023-12-06 | CVE-2023-49240 | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos Unauthorized access vulnerability in the launcher module. | 7.5 |
| 2023-12-05 | CVE-2023-33071 | Incorrect Authorization vulnerability in Qualcomm products Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities. | 7.8 |
| 2023-12-05 | CVE-2023-42569 | Incorrect Authorization vulnerability in Samsung Android 11.0/13.0 Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji. | 3.3 |
| 2023-12-05 | CVE-2023-42575 | Incorrect Authorization vulnerability in Samsung Pass 4.0.05.1/4.2.03.1 Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting. | 6.8 |
| 2023-12-03 | CVE-2023-49947 | Incorrect Authorization vulnerability in Forgejo Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication. | 7.5 |
| 2023-12-01 | CVE-2023-42006 | Incorrect Authorization vulnerability in IBM I IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. | 5.5 |
| 2023-11-20 | CVE-2023-5509 | Incorrect Authorization vulnerability in Premio Mystickymenu The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions. | 5.4 |
| 2023-11-20 | CVE-2023-5799 | Incorrect Authorization vulnerability in Thimpress WP Hotel Booking The WP Hotel Booking WordPress plugin before 2.0.8 does not have proper authorisation when deleting a package, allowing Contributor and above roles to delete posts that do no belong to them | 5.4 |
| 2023-11-07 | CVE-2023-46244 | Incorrect Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. | 8.8 |