Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-10-25 | CVE-2022-39322 | Incorrect Authorization vulnerability in Keystonejs Keystone 2.2.0/2.3.0: @keystone-6/core is a core package for Keystone 6, a content management system for Node.js. | 9.8 |
2022-10-10 | CVE-2022-42724 | Incorrect Authorization vulnerability in Misp-Project Malware Information Sharing Platform: app/Controller/UsersController.php in MISP before 2.4.164 allows attackers to discover role names (this is information that only the site admin should have). | 4.3 |
2022-10-07 | CVE-2022-41574 | Incorrect Authorization vulnerability in Gradle Enterprise: An access-control vulnerability in Gradle Enterprise 2022.4 through 2022.3.1 allows remote attackers to prevent backups from occurring, and send emails with arbitrary text content to the configured installation-administrator contact address, via HTTP access to an accidentally exposed internal endpoint. | 7.5 |
2022-10-07 | CVE-2022-36634 | Incorrect Authorization vulnerability in Zkteco Zkbiosecurity V5000 3.0.5.0R: An access control issue in ZKTeco ZKBioSecurity V5000 3.0.5_r allows attackers to arbitrarily create admin users via a crafted HTTP request. | 8.8 |
2022-09-29 | CVE-2021-40692 | Incorrect Authorization vulnerability in Moodle: Insufficient capability checks made it possible for teachers to download users outside of their courses. | 4.3 |
2022-09-27 | CVE-2022-40816 | Incorrect Authorization vulnerability in Zammad 5.2.0/5.2.1: Zammad 5.2.1 is vulnerable to Incorrect Access Control. | 6.5 |
2022-09-26 | CVE-2022-3048 | Incorrect Authorization vulnerability in multiple products: Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. | 6.8 |
2022-09-19 | CVE-2022-0143 | Incorrect Authorization vulnerability in Forgerock Ldap Connector: When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. | 9.8 |
2022-09-15 | CVE-2022-36074 | Incorrect Authorization vulnerability in Nextcloud Enterprise Server and Nextcloud Server: Nextcloud server is an open source personal cloud product. | 7.5 |
2022-09-13 | CVE-2022-36103 | Incorrect Authorization vulnerability in Siderolabs Talos Linux: Talos Linux is a Linux distribution built for Kubernetes deployments. | 8.8 |