Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-01-11 | CVE-2023-22945 | Incorrect Authorization vulnerability in multiple products In the GrowthExperiments extension for MediaWiki through 1.39, the growthmanagementorlist API allows blocked users (blocked in ApiManageMentorList) to enroll as mentors or edit any of their mentorship-related properties. | 4.3 |
| 2023-01-10 | CVE-2023-21560 | Incorrect Authorization vulnerability in Microsoft products Windows Boot Manager Security Feature Bypass Vulnerability | 6.6 |
| 2023-01-09 | CVE-2015-10033 | Incorrect Authorization vulnerability in Merlinsboard Project Merlinsboard A vulnerability, which was classified as problematic, was found in jvvlee MerlinsBoard. | 6.5 |
| 2023-01-09 | CVE-2022-46258 | Incorrect Authorization vulnerability in Github Enterprise Server An incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed a repository-scoped token with read/write access to modify Action Workflow files without a Workflow scope. | 6.5 |
| 2023-01-03 | CVE-2022-43438 | Incorrect Authorization vulnerability in Easy Test Project Easy Test 17L18S/22H29 The Administrator function of EasyTest has an Incorrect Authorization vulnerability. | 8.8 |
| 2022-12-26 | CVE-2021-45466 | Incorrect Authorization vulnerability in Control-Webpanel Webpanel In CWP (aka Control Web Panel or CentOS Web Panel) before 0.9.8.1107, attackers can make a crafted request to api/?api=add_server&DHCP= to add an authorized_keys text file in the /resources/ folder. | 9.8 |
| 2022-12-25 | CVE-2022-45891 | Incorrect Authorization vulnerability in Planetestream Planet Estream Planet eStream before 6.72.10.07 allows attackers to call restricted functions, and perform unauthenticated uploads (Upload2.ashx) or access content uploaded by other users (View.aspx after Ajax.asmx/SaveGrantAccessList). | 9.1 |
| 2022-12-22 | CVE-2022-22754 | Incorrect Authorization vulnerability in Mozilla Firefox If a user installed an extension of a particular type, the extension could have auto-updated itself and while doing so, bypass the prompt which grants the new version the new requested permissions. | 6.5 |
| 2022-12-22 | CVE-2022-38475 | Incorrect Authorization vulnerability in Mozilla Firefox An attacker could have written a value to the first element in a zero-length JavaScript array. | 6.5 |
| 2022-12-20 | CVE-2022-43872 | Incorrect Authorization vulnerability in IBM Financial Transaction Manager 3.2.4 IBM Financial Transaction Manager 3.2.4 authorization checks are done incorrectly for some HTTP requests which allows getting unauthorized technical information (e.g. | 5.3 |