Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2023-12-05 CVE-2023-33071 Incorrect Authorization vulnerability in Qualcomm products
Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.
local
low complexity
qualcomm CWE-863
7.8
2023-12-05 CVE-2023-42569 Incorrect Authorization vulnerability in Samsung Android 11.0/13.0
Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
local
low complexity
samsung CWE-863
3.3
2023-12-05 CVE-2023-42575 Incorrect Authorization vulnerability in Samsung Pass 4.0.05.1/4.2.03.1
Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.
low complexity
samsung CWE-863
6.8
2023-12-03 CVE-2023-49947 Incorrect Authorization vulnerability in Forgejo
Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.
network
low complexity
forgejo CWE-863
7.5
2023-12-01 CVE-2023-42006 Incorrect Authorization vulnerability in IBM I
IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks.
local
low complexity
ibm CWE-863
5.5
2023-11-30 CVE-2023-47827 Incorrect Authorization vulnerability in Nicheaddons Events Addon for Elementor
Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Events Addon for Elementor: from n/a through 2.1.3.
network
low complexity
nicheaddons CWE-863
7.5
2023-11-27 CVE-2023-40610 Incorrect Authorization vulnerability in Apache Superset
Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2.
network
low complexity
apache CWE-863
8.8
2023-11-24 CVE-2023-48712 Incorrect Authorization vulnerability in Warpgate Project Warpgate
Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux.
network
low complexity
warpgate-project CWE-863
8.8
2023-11-20 CVE-2023-48309 Incorrect Authorization vulnerability in Nextauth.Js Next-Auth
NextAuth.js provides authentication for Next.js.
network
low complexity
nextauth-js CWE-863
5.3
2023-11-20 CVE-2023-5509 Incorrect Authorization vulnerability in Premio Mystickymenu
The myStickymenu WordPress plugin before 2.6.5 does not adequately authorize some ajax calls, allowing any logged-in user to perform the actions.
network
low complexity
premio CWE-863
5.4