Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-08-15 | CVE-2022-2354 | Incorrect Authorization vulnerability in Wp-Dbmanager Project Wp-Dbmanager The WP-DBManager WordPress plugin before 2.80.8 does not prevent administrators from running arbitrary commands on the server in multisite installations, where only super-administrators should. | 7.2 |
2022-08-01 | CVE-2022-35921 | Incorrect Authorization vulnerability in Friendsofflarum Byobu 0.30.0 fof/byobu is a private discussions extension for Flarum forum. | 4.3 |
2022-08-01 | CVE-2022-31190 | Incorrect Authorization vulnerability in Duraspace Dspace DSpace open source software is a repository application which provides durable access to digital resources. | 5.3 |
2022-08-01 | CVE-2022-31155 | Incorrect Authorization vulnerability in Sourcegraph Sourcegraph is an opensource code search and navigation engine. | 4.3 |
2022-08-01 | CVE-2022-35716 | Incorrect Authorization vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. | 6.5 |
2022-07-26 | CVE-2022-1499 | Incorrect Authorization vulnerability in Google Chrome Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 6.3 |
2022-07-25 | CVE-2022-0594 | Incorrect Authorization vulnerability in Shareaholic The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. | 5.3 |
2022-07-23 | CVE-2022-1132 | Incorrect Authorization vulnerability in Google Chrome Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device. | 6.1 |
2022-07-22 | CVE-2022-31168 | Incorrect Authorization vulnerability in Zulip Zulip is an open source team chat tool. | 8.8 |
2022-07-20 | CVE-2022-34046 | Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716 An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);]. | 7.5 |