Vulnerabilities > Incorrect Authorization

| Date | CVE | Vulnerability title | Description | Attack vector | Attack complexity | Vendor | CWE | Risk |
|---|---|---|---|---|---|---|---|---|
| 2024-01-23 | CVE-2023-49783 | Incorrect Authorization vulnerability in Silverstripe Admin | Silverstripe Admin provides a basic management interface for the Silverstripe Framework. | network | low | silverstripe | CWE-863 | 4.3 |
| 2024-01-22 | CVE-2024-23675 | Incorrect Authorization vulnerability in Splunk Cloud and Splunk | In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). | network | low | splunk | CWE-863 | 6.5 |
| 2024-01-19 | CVE-2024-23329 | Incorrect Authorization vulnerability in Changedetection | changedetection.io is an open source tool designed to monitor websites for content changes. | network | high | changedetection | CWE-863 | 3.7 |
| 2024-01-16 | CVE-2022-0775 | Incorrect Authorization vulnerability in Woocommerce | The WooCommerce WordPress plugin before 6.2.1 does not have a proper authorisation check when deleting reviews, which could allow any authenticated user, such as a subscriber, to delete arbitrary comments. | network | low | woocommerce | CWE-863 | 4.3 |
| 2024-01-16 | CVE-2023-52111 | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos | Authorization vulnerability in the BootLoader module. | network | low | huawei | CWE-863 | 7.5 |
| 2024-01-12 | CVE-2023-5356 | Incorrect Authorization vulnerability in Gitlab | Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allow a user to abuse slack/mattermost integrations to execute slash commands as another user. | network | low | gitlab | CWE-863 | 8.8 |
| 2024-01-09 | CVE-2024-21735 | Incorrect Authorization vulnerability in SAP LT Replication Server | SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. | network | low | sap | CWE-863 | 7.2 |
| 2024-01-03 | CVE-2023-41779 | Incorrect Authorization vulnerability in ZTE Zxcloud Irai Firmware | There is an illegal memory access vulnerability in ZTE's ZXCLOUD iRAI product. When the vulnerability is exploited by an attacker with the common user permission, the physical machine will crash. | local | low | zte | CWE-863 | 5.5 |
| 2023-12-27 | CVE-2023-52077 | Incorrect Authorization vulnerability in Nexryai Nexkey | Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. | network | low | nexryai | CWE-863 | 9.8 (critical) |
| 2023-12-26 | CVE-2023-5644 | Incorrect Authorization vulnerability in Wpvibes WP Mail LOG | The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. | network | low | wpvibes | CWE-863 | 7.6 |