Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-10-31 | CVE-2023-45899 | Incorrect Authorization vulnerability in Idnovate Superuser An issue in the component SuperUserSetuserModuleFrontController:init() of idnovate superuser before v2.4.2 allows attackers to bypass authentication via a crafted HTTP call. | 7.5 |
| 2023-10-31 | CVE-2023-46139 | Incorrect Authorization vulnerability in Kernelsu KernelSU is a Kernel based root solution for Android. | 5.7 |
| 2023-10-30 | CVE-2023-21390 | Incorrect Authorization vulnerability in Google Android In Sim, there is a possible way to evade mobile preference restrictions due to a permission bypass. | 7.8 |
| 2023-10-30 | CVE-2023-21311 | Incorrect Authorization vulnerability in Google Android In Settings, there is a possible way to control private DNS settings from a secondary user due to a permissions bypass. | 5.5 |
| 2023-10-30 | CVE-2023-47090 | Incorrect Authorization vulnerability in Linuxfoundation Nats-Server NATS nats-server before 2.9.23 and 2.10.x before 2.10.2 has an authentication bypass. | 6.5 |
| 2023-10-26 | CVE-2023-46754 | Incorrect Authorization vulnerability in Obl.Ong Admin The admin panel for Obl.ong before 1.1.2 allows authorization bypass because the email OTP feature accepts arbitrary numerical values. | 5.3 |
| 2023-10-25 | CVE-2023-43508 | Incorrect Authorization vulnerability in Arubanetworks Clearpass Policy Manager Vulnerabilities in the web-based management interface of ClearPass Policy Manager allow an attacker with read-only privileges to perform actions that change the state of the ClearPass Policy Manager instance. | 6.5 |
| 2023-10-25 | CVE-2023-43961 | Incorrect Authorization vulnerability in Dromara Sa-Token An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass. | 8.8 |
| 2023-10-25 | CVE-2023-46125 | Incorrect Authorization vulnerability in Ethyca Fides Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. | 6.5 |
| 2023-10-20 | CVE-2020-36714 | Incorrect Authorization vulnerability in Brizy Brizy-Page Builder The Brizy plugin for WordPress is vulnerable to authorization bypass due to a incorrect capability check on the is_administrator() function in versions up to, and including, 1.0.125. | 8.1 |