Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-10-25 | CVE-2022-30356 | Incorrect Authorization vulnerability in Ovaledge OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . | 4.7 |
2024-10-25 | CVE-2022-30358 | Incorrect Authorization vulnerability in Ovaledge OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. | 8.8 |
2024-10-25 | CVE-2024-49376 | Incorrect Authorization vulnerability in Autolabproject Autolab 3.0.0 Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. | 8.8 |
2024-10-25 | CVE-2024-44099 | Incorrect Authorization vulnerability in Google Android There is a possible Local bypass of user interaction due to an insecure default value. | 5.5 |
2024-10-24 | CVE-2024-10295 | A flaw was found in Gateway. | 7.5 |
2024-10-23 | CVE-2024-20482 | Incorrect Authorization vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. | 6.5 |
2024-10-22 | CVE-2024-49208 | Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06 Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. | 3.1 |
2024-10-22 | CVE-2024-49209 | Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06 Archer Platform 2024.03 before version 2024.09 is affected by an API authorization bypass vulnerability related to supporting application files. | 4.3 |
2024-10-22 | CVE-2024-48925 | Incorrect Authorization vulnerability in Umbraco CMS Umbraco, a free and open source .NET content management system, has an improper access control issue starting in version 14.0.0 and prior to version 14.3.0. | 6.5 |
2024-10-22 | CVE-2024-38002 | Incorrect Authorization vulnerability in Liferay Digital Experience Platform and Liferay Portal The workflow component in Liferay Portal 7.3.2 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92 and 7.3 GA through update 36 does not properly check user permissions before updating a workflow definition, which allows remote authenticated users to modify workflow definitions and execute arbitrary code (RCE) via the headless API. | 8.8 |