Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-11-01 CVE-2024-49256 Incorrect Authorization vulnerability in Wpchill Htaccess File Editor
Incorrect Authorization vulnerability in WPChill Htaccess File Editor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Htaccess File Editor: from n/a through 1.0.18.
network
low complexity
wpchill CWE-863
8.8
2024-10-29 CVE-2024-48921 Incorrect Authorization vulnerability in Nirmata Kyverno
Kyverno is a policy engine designed for Kubernetes.
network
low complexity
nirmata CWE-863
2.7
2024-10-28 CVE-2024-44217 Incorrect Authorization vulnerability in Apple Iphone OS
A permissions issue was addressed by removing vulnerable code and adding additional checks.
network
low complexity
apple CWE-863
critical
9.1
2024-10-25 CVE-2022-30356 Incorrect Authorization vulnerability in Ovaledge
OvalEdge 5.2.8.0 and earlier is affected by a Privilege Escalation vulnerability via a POST request to /user/assignuserrole via the userid and role parameters .
network
low complexity
ovaledge CWE-863
4.7
2024-10-25 CVE-2022-30358 Incorrect Authorization vulnerability in Ovaledge
OvalEdge 5.2.8.0 and earlier is affected by an Account Takeover vulnerability via a POST request to /user/updatePassword via the userId and newPsw parameters.
network
low complexity
ovaledge CWE-863
8.8
2024-10-25 CVE-2024-49376 Incorrect Authorization vulnerability in Autolabproject Autolab 3.0.0
Autolab, a course management service that enables auto-graded programming assignments, has misconfigured reset password permissions in version 3.0.0.
network
low complexity
autolabproject CWE-863
8.8
2024-10-25 CVE-2024-44099 Incorrect Authorization vulnerability in Google Android
There is a possible Local bypass of user interaction due to an insecure default value.
local
low complexity
google CWE-863
5.5
2024-10-24 CVE-2024-10295 A flaw was found in Gateway.
network
low complexity
CWE-863
7.5
2024-10-23 CVE-2024-20482 Incorrect Authorization vulnerability in Cisco Secure Firewall Management Center
A vulnerability in the web-based management interface of Cisco Secure Firewall Management Center (FMC) Software, formerly Firepower Management Center Software, could allow an authenticated, remote attacker to elevate privileges on an affected device.
network
low complexity
cisco CWE-863
6.5
2024-10-22 CVE-2024-49208 Incorrect Authorization vulnerability in Archerirm Archer 2024.03/2024.04/2024.06
Archer Platform 2024.03 before version 2024.08 is affected by an authorization bypass vulnerability related to supporting application files.
network
high complexity
archerirm CWE-863
3.1