Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-12-17 CVE-2024-9654 Incorrect Authorization vulnerability in Awesomemotive Easy Digital Downloads
The Easy Digital Downloads plugin for WordPress is vulnerable to Improper Authorization in versions 3.1 through 3.3.4.
network
high complexity
awesomemotive CWE-863
3.7
2024-12-12 CVE-2024-55662 Incorrect Authorization vulnerability in Xwiki
XWiki Platform is a generic wiki platform.
network
low complexity
xwiki CWE-863
8.8
2024-12-12 CVE-2024-55633 Incorrect Authorization vulnerability in Apache Superset
Improper Authorization vulnerability in Apache Superset.
network
low complexity
apache CWE-863
6.5
2024-12-09 CVE-2024-53949 Incorrect Authorization vulnerability in Apache Superset
Improper Authorization vulnerability in Apache Superset when FAB_ADD_SECURITY_API is enabled (disabled by default).
network
low complexity
apache CWE-863
6.5
2024-12-04 CVE-2023-52943 Incorrect Authorization vulnerability in Synology Surveillance Station
Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to to perform limited actions on the alerting function via unspecified vectors.
network
low complexity
synology CWE-863
4.3
2024-12-04 CVE-2023-52944 Incorrect Authorization vulnerability in Synology Surveillance Station
Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allows remote authenticated users to perform limited actions on the set action rules function via unspecified vectors.
network
low complexity
synology CWE-863
4.3
2024-11-26 CVE-2024-11680 Incorrect Authorization vulnerability in Projectsend
ProjectSend versions prior to r1720 are affected by an improper authentication vulnerability.
network
low complexity
projectsend CWE-863
critical
9.8
2024-11-19 CVE-2023-21270 Incorrect Authorization vulnerability in Google Android 12.0/12.1/13.0
In restorePermissionState of PermissionManagerServiceImpl.java, there is a possible way for an app to keep permissions that should be revoked due to incorrect permission flags cleared during an update.
local
low complexity
google CWE-863
7.8
2024-11-18 CVE-2024-21287 Incorrect Authorization vulnerability in Oracle Agile Product Lifecycle Management 9.3.6
Vulnerability in the Oracle Agile PLM Framework product of Oracle Supply Chain (component: Software Development Kit, Process Extension).
network
low complexity
oracle CWE-863
7.5
2024-11-18 CVE-2024-48897 Incorrect Authorization vulnerability in Moodle
A vulnerability was found in Moodle.
network
low complexity
moodle CWE-863
4.3