Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-12-09 CVE-2024-53949 Incorrect Authorization vulnerability in Apache Superset
Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default).
network
low complexity
apache CWE-863
6.5
2024-12-04 CVE-2023-52943 Incorrect Authorization vulnerability in Synology Surveillance Station
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the alerting function via unspecified vectors.
network
low complexity
synology CWE-863
4.3
2024-12-04 CVE-2023-52944 Incorrect Authorization vulnerability in Synology Surveillance Station
Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.
network
low complexity
synology CWE-863
4.3
2024-11-26 CVE-2024-11680 Incorrect Authorization vulnerability in Projectsend
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability.
network
low complexity
projectsend CWE-863
critical
9.8
2024-11-19 CVE-2023-21270 Incorrect Authorization vulnerability in Google Android 12.0/12.1/13.0
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update.
local
low complexity
google CWE-863
7.8
2024-11-18 CVE-2024-21287 Incorrect Authorization vulnerability in Oracle Agile Product Lifecycle Management 9.3.6
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension).
network
low complexity
oracle CWE-863
7.5
2024-11-18 CVE-2024-48897 Incorrect Authorization vulnerability in Moodle
A vulnerability was found in Moodle.
network
low complexity
moodle CWE-863
4.3
2024-11-18 CVE-2024-48901 Incorrect Authorization vulnerability in Moodle
A vulnerability was found in Moodle.
network
low complexity
moodle CWE-863
4.3
2024-11-15 CVE-2024-52518 Incorrect Authorization vulnerability in Nextcloud Server
Nextcloud Server is a self hosted personal cloud system.
network
low complexity
nextcloud CWE-863
5.4
2024-11-14 CVE-2024-3379 Incorrect Authorization vulnerability in Lunary
In lunary-ai/lunary versions 1.2.2 through 1.2.6, an incorrect authorization vulnerability allows unprivileged users to re-generate the private key for projects they do not have access to.
network
low complexity
lunary CWE-863
8.1