Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-30 | CVE-2023-47090 | Incorrect Authorization vulnerability in Linuxfoundation Nats-Server NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. | 6.5 |
2023-10-26 | CVE-2023-46754 | Incorrect Authorization vulnerability in Obl.Ong Admin 1.0.0/1.1.0/1.1.1 The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values. | 5.3 |
2023-10-25 | CVE-2023-43508 | Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. | 6.5 |
2023-10-25 | CVE-2023-43961 | Incorrect Authorization vulnerability in Dromara Sa-Token An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 8.8 |
2023-10-25 | CVE-2023-46125 | Incorrect Authorization vulnerability in Ethyca Fides Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. | 6.5 |
2023-10-20 | CVE-2020-36714 | Incorrect Authorization vulnerability in Brizy Brizy-Page Builder The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. | 8.1 |
2023-10-20 | CVE-2021-4334 | Incorrect Authorization vulnerability in Radykal Fancy Product Designer The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. | 8.8 |
2023-10-20 | CVE-2023-34051 | Incorrect Authorization vulnerability in VMWare Aria Operations for Logs VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | 9.8 |
2023-10-16 | CVE-2023-29484 | Incorrect Authorization vulnerability in Terminalfour In Terminalfour before 8.3.16, misconfigured LDAP users are able to login with an invalid password. | 6.5 |
2023-10-16 | CVE-2023-43119 | Incorrect Authorization vulnerability in Extremenetworks Exos 31.7.0/31.7.1/32.0 An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server. | 9.8 |