Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2023-08-09 | CVE-2023-4242 | Incorrect Authorization vulnerability in Full - Customer | The FULL - Customer plugin for WordPress is vulnerable to Information Disclosure via the /health REST route in versions up to, and including, 2.2.3 due to improper authorization. | 4.3 |
2023-08-08 | CVE-2023-37491 | Incorrect Authorization vulnerability in SAP Message Server | The ACL (Access Control List) of SAP Message Server - versions KERNEL 7.22, KERNEL 7.53, KERNEL 7.54, KERNEL 7.77, RNL64UC 7.22, RNL64UC 7.22EXT, RNL64UC 7.53, KRNL64NUC 7.22, KRNL64NUC 7.22EXT, can be bypassed in certain conditions, which may enable an authenticated malicious user to enter the network of the SAP systems served by the attacked SAP Message server. | 8.8 |
2023-08-07 | CVE-2023-39363 | Incorrect Authorization vulnerability in Vyperlang Vyper 0.2.15/0.2.16/0.3.0 | Vyper is a Pythonic Smart Contract Language for the Ethereum Virtual Machine (EVM). | 5.9 |
2023-08-07 | CVE-2023-32783 | Incorrect Authorization vulnerability in Zohocorp Manageengine Adaudit Plus 7.1.1 | The event analysis component in Zoho ManageEngine ADAudit Plus 7.1.1 allows an attacker to bypass audit detection by creating or renaming user accounts with a "$" symbol suffix. | 7.5 |
2023-08-07 | CVE-2023-4194 | Incorrect Authorization vulnerability in multiple products | A flaw was found in the Linux kernel's TUN/TAP functionality. | 5.5 |
2023-08-03 | CVE-2023-28468 | Incorrect Authorization vulnerability in Insyde Kernel | An issue was discovered in FvbServicesRuntimeDxe in Insyde InsydeH2O with kernel 5.0 through 5.5. | 6.5 |
2023-08-03 | CVE-2023-38958 | Incorrect Authorization vulnerability in Zkteco Bioaccess IVS 3.3.1 | An access control issue in ZKTeco BioAccess IVS v3.3.1 allows unauthenticated attackers to arbitrarily close and open the doors managed by the platform remotely via sending a crafted web request. | 5.3 |
2023-08-02 | CVE-2023-23476 | Incorrect Authorization vulnerability in IBM products | IBM Robotic Process Automation 21.0.0 through 21.0.7.latest is vulnerable to unauthorized access to data due to insufficient authorization validation on some API routes. | 6.5 |
2023-07-31 | CVE-2023-36089 | Incorrect Authorization vulnerability in Dlink Dir-645 Firmware 1.03 | Authentication Bypass vulnerability in D-Link DIR-645 firmware version 1.03 allows remote attackers to gain escalated privileges via function phpcgi_main in cgibin. | 9.8 |
2023-07-31 | CVE-2023-36090 | Incorrect Authorization vulnerability in Dlink Dir-885L Firmware 1.02 | Authentication Bypass vulnerability in D-Link DIR-885L FW102b01 allows remote attackers to gain escalated privileges via phpcgi. | 9.8 |