Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-11-01 | CVE-2024-49256 | Incorrect Authorization vulnerability in Wpchill Htaccess File Editor Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18. | 8.8 |
| 2024-10-29 | CVE-2024-48921 | Incorrect Authorization vulnerability in Nirmata Kyverno Kyverno is a policy engine designed for Kubernetes. | 2.7 |
| 2024-10-28 | CVE-2024-44217 | Incorrect Authorization vulnerability in Apple Iphone OS A permissions issue was addressed by removing vulnerable code and adding additional checks. | 9.1 |
| 2024-10-25 | CVE-2022-30356 | Incorrect Authorization vulnerability in Ovaledge OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters . | 4.7 |
| 2024-10-25 | CVE-2022-30358 | Incorrect Authorization vulnerability in Ovaledge OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters. | 8.8 |
| 2024-10-25 | CVE-2024-49376 | Incorrect Authorization vulnerability in Autolabproject Autolab 3.0.0 Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0. | 8.8 |
| 2024-10-25 | CVE-2024-44099 | Incorrect Authorization vulnerability in Google Android There is a possible Local bypass of user interaction due to an insecure default value. | 5.5 |
| 2024-10-24 | CVE-2024-10295 | A flaw was found in Gateway. | 7.5 |
| 2024-10-23 | CVE-2024-20482 | Incorrect Authorization vulnerability in Cisco Secure Firewall Management Center A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device. | 6.5 |
| 2024-10-22 | CVE-2024-49208 | Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06 Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files. | 3.1 |