Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK

2023-03-01 CVE-2023-0952 Incorrect Authorization vulnerability in Devolutions Server
Improper access controls on entries in Devolutions Server 2022.3.12 and earlier could allow an authenticated user to access sensitive data without proper authorization.
network | low complexity | devolutions | CWE-863 | 6.5

2023-02-28 CVE-2023-25575 Incorrect Authorization vulnerability in Api-Platform Core
API Platform Core is the server component of API Platform: hypermedia and GraphQL APIs.
network | low complexity | api-platform | CWE-863 | 6.5

2023-02-23 CVE-2023-23918 Incorrect Authorization vulnerability in Nodejs Node.js
A privilege escalation vulnerability exists in Node.js <19.6.1, <18.14.1, <16.19.1 and <14.21.3 that made it possible to bypass the experimental Permissions (https://nodejs.org/api/permissions.html) feature in Node.js and access non-authorized modules by using process.mainModule.require().
network | low complexity | nodejs | CWE-863 | 7.5

2023-02-17 CVE-2023-23064 Incorrect Authorization vulnerability in Totolink A720R Firmware 4.1.5Cu.532B20210610
TOTOLINK A720R V4.1.5cu.532_B20210610 is vulnerable to Incorrect Access Control.
network | low complexity | totolink | CWE-863 | critical | 9.8

2023-02-17 CVE-2021-32163 Incorrect Authorization vulnerability in Linuxfoundation Modular Open Smart Network
Authentication vulnerability in MOSN v.0.23.0 allows attacker to escalate privileges via case-sensitive JWT authorization.
network | low complexity | linuxfoundation | CWE-863 | critical | 9.8

2023-02-16 CVE-2023-23947 Incorrect Authorization vulnerability in Argoproj Argo CD
Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes.
network | high complexity | argoproj | CWE-863 | 8.5

2023-02-16 CVE-2023-24485 Incorrect Authorization vulnerability in Citrix Workspace 1912/2105/2203.1
Vulnerabilities have been identified that, collectively, allow a standard Windows user to perform operations as SYSTEM on the computer running Citrix Workspace app.
local | low complexity | citrix | CWE-863 | 7.8

2023-02-14 CVE-2023-21715 Incorrect Authorization vulnerability in Microsoft 365 Apps
Microsoft Publisher Security Feature Bypass Vulnerability
local | low complexity | microsoft | CWE-863 | 7.3

2023-02-14 CVE-2023-0814 Incorrect Authorization vulnerability in Cozmoslabs Profile Builder
The Profile Builder – User Profile & User Registration Forms plugin for WordPress is vulnerable to sensitive information disclosure via the [user_meta] shortcode in versions up to, and including 3.9.0.
network | low complexity | cozmoslabs | CWE-863 | 6.5

2023-02-11 CVE-2023-25559 Incorrect Authorization vulnerability in Datahub Project Datahub
DataHub is an open-source metadata platform.
network | low complexity | datahub-project | CWE-863 | 8.1