Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-10-25 CVE-2022-30356 Incorrect Authorization vulnerability in Ovaledge
OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters .
network
low complexity
ovaledge CWE-863
4.7
2024-10-25 CVE-2022-30358 Incorrect Authorization vulnerability in Ovaledge
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters.
network
low complexity
ovaledge CWE-863
8.8
2024-10-25 CVE-2024-49376 Incorrect Authorization vulnerability in Autolabproject Autolab 3.0.0
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0.
network
low complexity
autolabproject CWE-863
8.8
2024-10-25 CVE-2024-44099 Incorrect Authorization vulnerability in Google Android
There is a possible Local bypass of user interaction due to an insecure default value.
local
low complexity
google CWE-863
5.5
2024-10-24 CVE-2024-10295 A flaw was found in Gateway.
network
low complexity
CWE-863
7.5
2024-10-23 CVE-2024-20482 Incorrect Authorization vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device.
network
low complexity
cisco CWE-863
6.5
2024-10-22 CVE-2024-49208 Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06
Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files.
network
high complexity
archerirm CWE-863
3.1
2024-10-22 CVE-2024-49209 Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06
Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files.
network
low complexity
archerirm CWE-863
4.3
2024-10-22 CVE-2024-48925 Incorrect Authorization vulnerability in Umbraco CMS
Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0.
network
low complexity
umbraco CWE-863
6.5
2024-10-22 CVE-2024-38002 Incorrect Authorization vulnerability in Liferay Digital Experience Platform and Liferay Portal
The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API.
network
low complexity
liferay CWE-863
8.8