Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-09-27 | CVE-2022-40816 | Incorrect Authorization vulnerability in Zammad 5.2.0/5.2.1: Zammad 5.2.1 is vulnerable to Incorrect Access Control. | 6.5 |
2022-09-26 | CVE-2022-3048 | Incorrect Authorization vulnerability in multiple products: Inappropriate implementation in Chrome OS lockscreen in Google Chrome on Chrome OS prior to 105.0.5195.52 allowed a local attacker to bypass lockscreen navigation restrictions via physical access to the device. | 6.8 |
2022-09-26 | CVE-2022-3024 | Incorrect Authorization vulnerability in Simple Bitcoin Faucets Project Simple Bitcoin Faucets: The Simple Bitcoin Faucets WordPress plugin through 1.7.0 does not have any authorisation or CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to call it and add/delete/edit Bonds. | 5.4 |
2022-09-19 | CVE-2022-0143 | Incorrect Authorization vulnerability in Forgerock Ldap Connector: When the LDAP connector is started with StartTLS configured, unauthenticated access is granted. | 9.8 |
2022-09-15 | CVE-2022-36074 | Incorrect Authorization vulnerability in Nextcloud Enterprise Server and Nextcloud Server: Nextcloud server is an open source personal cloud product. | 7.5 |
2022-09-13 | CVE-2022-36103 | Incorrect Authorization vulnerability in Siderolabs Talos Linux: Talos Linux is a Linux distribution built for Kubernetes deployments. | 8.8 |
2022-09-12 | CVE-2022-37767 | Incorrect Authorization vulnerability in Pebbletemplates Pebble Templates 3.1.5: Pebble Templates 3.1.5 allows attackers to bypass a protection mechanism and implement arbitrary code execution with springbok. | 9.8 |
2022-09-06 | CVE-2022-23451 | Incorrect Authorization vulnerability in multiple products: An authorization flaw was found in openstack-barbican. | 8.1 |
2022-09-05 | CVE-2022-2597 | Incorrect Authorization vulnerability in Visualportfolio Visual Portfolio, Photo Gallery & Post Grid: The Visual Portfolio, Photo Gallery & Post Grid WordPress plugin before 2.19.0 does not have proper authorisation checks in some of its REST endpoints, allowing users with a role as low as contributor to call them and inject arbitrary CSS in arbitrary saved layouts. | 5.4 |
2022-09-01 | CVE-2022-23452 | Incorrect Authorization vulnerability in multiple products: An authorization flaw was found in openstack-barbican, where anyone with an admin role could add secrets to a different project container. | 4.9 |