Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-01-23 | CVE-2023-49783 | Incorrect Authorization vulnerability in Silverstripe Admin Silverstripe Admin provides a basic management interface for the Silverstripe Framework. | 4.3 |
2024-01-22 | CVE-2024-23675 | Incorrect Authorization vulnerability in Splunk Cloud and Splunk In Splunk Enterprise versions below 9.0.8 and 9.1.3, Splunk app key value store (KV Store) improperly handles permissions for users that use the REST application programming interface (API). | 6.5 |
2024-01-19 | CVE-2024-23329 | Incorrect Authorization vulnerability in Changedetection changedetection.io is an open source tool designed to monitor websites for content changes. | 3.7 |
2024-01-16 | CVE-2022-0775 | Incorrect Authorization vulnerability in Woocommerce The WooCommerce WordPress plugin before 6.2.1 does not have proper authorisation check when deleting reviews, which could allow any authenticated users, such as subscriber to delete arbitrary comment | 4.3 |
2024-01-16 | CVE-2023-52111 | Incorrect Authorization vulnerability in Huawei Emui and Harmonyos Authorization vulnerability in the BootLoader module. | 7.5 |
2024-01-12 | CVE-2023-5356 | Incorrect Authorization vulnerability in Gitlab Incorrect authorization checks in GitLab CE/EE from all versions starting from 8.13 before 16.5.6, all versions starting from 16.6 before 16.6.4, all versions starting from 16.7 before 16.7.2, allows a user to abuse slack/mattermost integrations to execute slash commands as another user. | 8.8 |
2024-01-09 | CVE-2024-21735 | Incorrect Authorization vulnerability in SAP LT Replication Server SAP LT Replication Server - version S4CORE 103, S4CORE 104, S4CORE 105, S4CORE 106, S4CORE 107, S4CORE 108, does not perform necessary authorization checks. | 7.2 |
2024-01-03 | CVE-2023-41779 | Incorrect Authorization vulnerability in ZTE Zxcloud Irai Firmware There is an illegal memory access vulnerability of ZTE's ZXCLOUD iRAI product.When the vulnerability is exploited by an attacker with the common user permission, the physical machine will be crashed. | 5.5 |
2023-12-27 | CVE-2023-52077 | Incorrect Authorization vulnerability in Nexryai Nexkey Nexkey is a lightweight fork of Misskey v12 optimized for small to medium size servers. | 9.8 |
2023-12-26 | CVE-2023-5644 | Incorrect Authorization vulnerability in Wpvibes WP Mail LOG The WP Mail Log WordPress plugin before 1.1.3 does not correctly authorize its REST API endpoints, allowing users with the Contributor role to view and delete data that should only be accessible to Admin users. | 7.6 |