Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2021-11-01 | CVE-2021-24717 | Incorrect Authorization vulnerability in Automatorwp The AutomatorWP WordPress plugin before 1.7.6 does not perform capability checks which allows users with Subscriber roles to enumerate automations, disclose title of private posts or user emails, call functions, or perform privilege escalation via Ajax actions. | 8.8 |
| 2021-10-29 | CVE-2021-41189 | Incorrect Authorization vulnerability in Duraspace Dspace 7.0 DSpace is an open source turnkey repository application. | 7.2 |
| 2021-10-14 | CVE-2021-38345 | Incorrect Authorization vulnerability in Brizy Brizy-Page Builder The Brizy Page Builder plugin <= 2.3.11 for WordPress used an incorrect authorization check that allowed any logged-in user accessing any endpoint in the wp-admin directory to modify the content of any existing post or page created with the Brizy editor. | 6.5 |
| 2021-10-13 | CVE-2021-20803 | Incorrect Authorization vulnerability in Cybozu Remote Service Manager 3.1.8/3.1.9 Operation restriction bypass in the management screen of Cybozu Remote Service 3.1.8 to 3.1.9 allows a remote authenticated attacker to alter the data of the management screen. | 5.4 |
| 2021-10-11 | CVE-2021-42137 | Incorrect Authorization vulnerability in Zammad An issue was discovered in Zammad before 5.0.1. | 5.3 |
| 2021-10-07 | CVE-2021-28661 | Incorrect Authorization vulnerability in Silverstripe Default SilverStripe GraphQL Server (aka silverstripe/graphql) 3.x through 3.4.1 permission checker not inherited by query subclass. | 4.3 |
| 2021-10-05 | CVE-2021-22262 | Incorrect Authorization vulnerability in Gitlab Missing access control in all GitLab versions starting from 13.12 before 14.0.9, all versions starting from 14.1 before 14.1.4, and all versions starting from 14.2 before 14.2.2 with Jira Cloud integration enabled allows Jira users without administrative privileges to add and remove Jira Connect Namespaces via the GitLab.com for Jira Cloud application configuration page | 4.3 |
| 2021-10-04 | CVE-2021-41093 | Incorrect Authorization vulnerability in Wire Wire is an open source secure messenger. | 9.8 |
| 2021-09-28 | CVE-2021-22535 | Incorrect Authorization vulnerability in Microfocus Netiq Directory and Resource Administrator Unauthorized information security disclosure vulnerability on Micro Focus Directory and Resource Administrator (DRA) product, affecting all DRA versions prior to 10.1 Patch 1. | 4.9 |
| 2021-09-24 | CVE-2021-40654 | Incorrect Authorization vulnerability in Dlink Dir-615 Firmware 17.00 An information disclosure issue exist in D-LINK-DIR-615 B2 2.01mt. | 6.5 |