Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-08-01 | CVE-2022-35716 | Incorrect Authorization vulnerability in IBM Urbancode Deploy IBM UrbanCode Deploy (UCD) 6.2.0.0 through 6.2.7.16, 7.0.0.0 through 7.0.5.11, 7.1.0.0 through 7.1.2.7, and 7.2.0.0 through 7.2.3.0 could allow an authenticated user to obtain sensitive information in some instances due to improper security checking. | 6.5 |
| 2022-07-26 | CVE-2022-1499 | Incorrect Authorization vulnerability in Google Chrome Inappropriate implementation in WebAuthentication in Google Chrome prior to 101.0.4951.41 allowed a remote attacker to bypass same origin policy via a crafted HTML page. | 6.3 |
| 2022-07-25 | CVE-2022-1309 | Incorrect Authorization vulnerability in Google Chrome Insufficient policy enforcement in developer tools in Google Chrome prior to 100.0.4896.88 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. | 9.6 |
| 2022-07-25 | CVE-2022-0594 | Incorrect Authorization vulnerability in Shareaholic The Professional Social Sharing Buttons, Icons & Related Posts WordPress plugin before 9.7.6 does not have proper authorisation check in one of the AJAX action, available to unauthenticated (in v < 9.7.5) and author+ (in v9.7.5) users, allowing them to call it and retrieve various information such as the list of active plugins, various version like PHP, cURL, WP etc. | 5.3 |
| 2022-07-23 | CVE-2022-1132 | Incorrect Authorization vulnerability in Google Chrome Inappropriate implementation in Virtual Keyboard in Google Chrome on Chrome OS prior to 100.0.4896.60 allowed a local attacker to bypass navigation restrictions via physical access to the device. | 6.1 |
| 2022-07-22 | CVE-2022-31168 | Incorrect Authorization vulnerability in Zulip Zulip is an open source team chat tool. | 8.8 |
| 2022-07-20 | CVE-2022-34046 | Incorrect Authorization vulnerability in Wavlink Wn533A8 Firmware M33A8.V5030.190716 An access control issue in Wavlink WN533A8 M33A8.V5030.190716 allows attackers to obtain usernames and passwords via view-source:http://IP_ADDRESS/sysinit.shtml?r=52300 and searching for [logincheck(user);]. | 7.5 |
| 2022-07-17 | CVE-2022-26479 | Incorrect Authorization vulnerability in Poly Eagleeye Director II Firmware An issue was discovered in Poly EagleEye Director II before 2.2.2.1. | 9.8 |
| 2022-07-16 | CVE-2022-36126 | Incorrect Authorization vulnerability in Inductiveautomation Ignition An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. | 7.2 |
| 2022-07-15 | CVE-2022-35890 | Incorrect Authorization vulnerability in Inductiveautomation Ignition An issue was discovered in Inductive Automation Ignition before 7.9.20 and 8.x before 8.1.17. | 9.8 |