Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-05-12 | CVE-2022-23139 | Incorrect Authorization vulnerability in ZTE Zxmp M721 Firmware 5.10.030.006 ZTE's ZXMP M721 product has a permission and access control vulnerability. | 6.5 |
| 2022-05-11 | CVE-2022-24584 | Incorrect Authorization vulnerability in Yubico OTP Incorrect access control in Yubico OTP functionality of the YubiKey hardware tokens along with the Yubico OTP validation server. | 6.5 |
| 2022-05-11 | CVE-2022-1124 | Incorrect Authorization vulnerability in Gitlab An improper authorization issue has been discovered in GitLab CE/EE affecting all versions prior to 14.8.6, all versions from 14.9.0 prior to 14.9.4, and 14.10.0, allowing Guest project members to access trace log of jobs when it is enabled | 3.5 |
| 2022-05-11 | CVE-2022-1460 | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 9.2 before 14.8.6, all versions starting from 14.9 before 14.9.4, all versions starting from 14.10 before 14.10.1. | 4.9 |
| 2022-05-11 | CVE-2022-28774 | Incorrect Authorization vulnerability in SAP Host Agent 7.22 Under certain conditions, the SAP Host Agent logfile shows information which would otherwise be restricted. | 5.5 |
| 2022-05-10 | CVE-2022-0866 | Incorrect Authorization vulnerability in Redhat products This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configured with a RunAs principal. | 4.3 |
| 2022-05-10 | CVE-2022-1417 | Incorrect Authorization vulnerability in Gitlab Improper access control in GitLab CE/EE affecting all versions starting from 8.12 before 14.8.6, all versions starting from 14.9 before 14.9.4, and all versions starting from 14.10 before 14.10.1 allows non-project members to access contents of Project Members-only Wikis via malicious CI jobs | 4.0 |
| 2022-05-10 | CVE-2022-28601 | Incorrect Authorization vulnerability in Lmsdoctor 2 Factor Authentication A Two-Factor Authentication (2FA) bypass vulnerability in "Simple 2FA Plugin for Moodle" by LMS Doctor allows remote attackers to overwrite the phone number used for confirmation via the profile.php file. | 4.0 |
| 2022-05-09 | CVE-2022-1631 | Incorrect Authorization vulnerability in Microweber Users Account Pre-Takeover or Users Account Takeover. | 8.8 |
| 2022-05-04 | CVE-2021-42192 | Incorrect Authorization vulnerability in Konga Project Konga 0.14.9 Konga v0.14.9 is affected by an incorrect access control vulnerability where a specially crafted request can lead to privilege escalation. | 8.8 |