Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-47090 Incorrect Authorization vulnerability in Linuxfoundation Nats-Server
NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass.
network
low complexity
linuxfoundation CWE-863
6.5
2023-10-26 CVE-2023-46754 Incorrect Authorization vulnerability in Obl.Ong Admin 1.0.0/1.1.0/1.1.1
The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values.
network
low complexity
obl-ong CWE-863
5.3
2023-10-25 CVE-2023-43508 Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager
Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance.
network
low complexity
arubanetworks CWE-863
6.5
2023-10-25 CVE-2023-43961 Incorrect Authorization vulnerability in Dromara Sa-Token
In Dromara SaToken version 1.3.50RC and before, when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass.
network
low complexity
dromara CWE-863
8.8
2023-10-25 CVE-2023-46125 Incorrect Authorization vulnerability in Ethyca Fides
Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code.
network
low complexity
ethyca CWE-863
6.5
2023-10-20 CVE-2020-36714 Incorrect Authorization vulnerability in Brizy Brizy-Page Builder
The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125.
network
low complexity
brizy CWE-863
8.1
2023-10-20 CVE-2021-4334 Incorrect Authorization vulnerability in Radykal Fancy Product Designer
The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9.
network
low complexity
radykal CWE-863
8.8
2023-10-20 CVE-2023-34051 Incorrect Authorization vulnerability in VMWare Aria Operations for Logs
VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution.
network
low complexity
vmware CWE-863
critical
9.8
2023-10-16 CVE-2023-29484 Incorrect Authorization vulnerability in Terminalfour
In Terminalfour before 8.3.16, misconfigured LDAP users are able to log in with an invalid password.
network
low complexity
terminalfour CWE-863
6.5
2023-10-16 CVE-2023-43119 Incorrect Authorization vulnerability in Extremenetworks Exos 31.7.0/31.7.1/32.0
An access control issue in Extreme Networks Switch Engine (EXOS) before 32.5.1.5 (also fixed in 22.7 and 31.7.2) allows attackers to gain escalated privileges using crafted telnet commands via Redis server.
network
low complexity
extremenetworks CWE-863
critical
9.8