Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2023-10-25 | CVE-2023-43961 | Incorrect Authorization vulnerability in Dromara Sa-Token. An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 8.8 |
2023-10-25 | CVE-2023-46125 | Incorrect Authorization vulnerability in Ethyca Fides. Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. | 6.5 |
2023-10-20 | CVE-2020-36714 | Incorrect Authorization vulnerability in Brizy. The Brizy plugin for WordPress is vulnerable to authorization bypass due to an incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. | 8.1 |
2023-10-20 | CVE-2021-4334 | Incorrect Authorization vulnerability in Radykal Fancy Product Designer. The Fancy Product Designer plugin for WordPress is vulnerable to unauthorized modification of site options due to a missing capability check on the fpd_update_options function in versions up to, and including, 4.6.9. | 8.8 |
2023-10-20 | CVE-2023-34051 | Incorrect Authorization vulnerability in VMware Aria Operations for Logs. VMware Aria Operations for Logs contains an authentication bypass vulnerability. An unauthenticated, malicious actor can inject files into the operating system of an impacted appliance which can result in remote code execution. | 9.8 |
2023-10-16 | CVE-2023-29484 | Incorrect Authorization vulnerability in Terminalfour. In Terminalfour before 8.3.16, misconfigured LDAP users are able to log in with an invalid password. | 6.5 |
2023-10-16 | CVE-2023-43119 | Incorrect Authorization vulnerability in Extremenetworks Exos 31.7.0/31.7.1/32.0. An Access Control issue discovered in Extreme Networks Switch Engine (EXOS) before 32.5.1.5, also fixed in 22.7, 31.7.2 allows attackers to gain escalated privileges using crafted telnet commands via Redis server. | 9.8 |
2023-10-12 | CVE-2023-40829 | Incorrect Authorization vulnerability in Tencent Enterprise Wechat Privatization 2.5.0/2.6.930000. There is an interface unauthorized access vulnerability in the background of Tencent Enterprise Wechat Privatization 2.5.x and 2.6.930000. | 7.5 |
2023-10-11 | CVE-2023-35653 | Incorrect Authorization vulnerability in Google Android. In TBD of TBD, there is a possible way to access location information due to a permissions bypass. | 4.4 |
2023-10-10 | CVE-2023-36556 | Incorrect Authorization vulnerability in Fortinet Fortimail. An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to log in on other users' accounts from the same web domain via crafted HTTP or HTTPS requests. | 8.8 |