Vulnerabilities > Incorrect Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-12-13 | CVE-2021-24819 | Incorrect Authorization vulnerability in Page/Post Content Shortcode Project Page/Post Content Shortcode 1.0. The Page/Post Content Shortcode WordPress plugin through 1.0 does not have proper authorisation in place, allowing users with a role as low as contributor to access draft/private/password protected/trashed posts/pages they should not be allowed to, including posts created by other users such as admins and editors. | 4.3 |
2021-12-13 | CVE-2021-24872 | Incorrect Authorization vulnerability in GET Custom Field Values Project GET Custom Field Values. The Get Custom Field Values WordPress plugin before 4.0 allows users with a role as low as Contributor to access other posts' metadata without validating the permissions. | 6.5 |
2021-12-12 | CVE-2021-41805 | Incorrect Authorization vulnerability in Hashicorp Consul. HashiCorp Consul Enterprise before 1.8.17, 1.9.x before 1.9.11, and 1.10.x before 1.10.4 has Incorrect Access Control. | 8.8 |
2021-12-09 | CVE-2021-29678 | Incorrect Authorization vulnerability in multiple products. IBM Db2 for Linux, UNIX and Windows (includes Db2 Connect Server) 9.7, 10.1, 10.5, 11.1, and 11.5 could allow a user with DBADM authority to access other databases and read or modify files. | 8.7 |
2021-12-08 | CVE-2021-38503 | Incorrect Authorization vulnerability in multiple products. The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the top-level frame. | 10.0 |
2021-12-08 | CVE-2021-41013 | Incorrect Authorization vulnerability in Fortinet Fortiweb. An improper access control vulnerability [CWE-284] in FortiWeb versions 6.4.1 and below and 6.3.15 and below in the Report Browse section of Log & Report may allow an unauthorized and unauthenticated user to access the Log reports via their URLs. | 5.3 |
2021-12-08 | CVE-2021-42758 | Incorrect Authorization vulnerability in Fortinet Fortiwlc. An improper access control vulnerability [CWE-284] in FortiWLC 8.6.1 and below may allow an authenticated and remote attacker with low privileges to execute any command as an admin user with full access rights via bypassing the GUI restrictions. | 8.8 |
2021-12-06 | CVE-2021-43781 | Incorrect Authorization vulnerability in Inveniosoftware Invenio-Drafts-Resources. Invenio-Drafts-Resources is a submission/deposit module for Invenio, a software framework for research data management. | 4.3 |
2021-12-06 | CVE-2021-24917 | Incorrect Authorization vulnerability in Wpserveur WPS Hide Login. The WPS Hide Login WordPress plugin before 1.9.1 has a bug which allows an unauthenticated user to get the secret login page by setting a random referer string and making a request to /wp-admin/options.php. | 7.5 |
2021-11-30 | CVE-2021-4026 | Incorrect Authorization vulnerability in Bookstackapp Bookstack. BookStack is vulnerable to Improper Access Control. | 4.3 |