Vulnerabilities > Incorrect Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-03 | CVE-2024-45588 | Incorrect Authorization vulnerability in Symphonyfintech XTS Mobile Trader and XTS web Trader This vulnerability exists in Symphony XTS Web Trading platform version 2.0.0.1_P160 due to improper access controls on APIs in the Preference module of the application. | 8.1 |
| 2024-09-01 | CVE-2024-45509 | Incorrect Authorization vulnerability in Misp In MISP through 2.4.196, app/Controller/BookmarksController.php does not properly restrict access to bookmarks data in the case where the user is not an org admin. | 6.5 |
| 2024-08-30 | CVE-2024-38868 | Incorrect Authorization vulnerability in Zohocorp Manageengine Endpoint Central Zohocorp ManageEngine Endpoint Central affected by Incorrect authorization vulnerability while isolating the devices.This issue affects Endpoint Central: before 11.3.2406.08 and before 11.3.2400.15 | 8.3 |
| 2024-08-29 | CVE-2024-41964 | Incorrect Authorization vulnerability in Getkirby Kirby Kirby is a CMS targeting designers and editors. | 8.1 |
| 2024-08-29 | CVE-2024-43954 | Incorrect Authorization vulnerability in Themeum Droip Incorrect Authorization vulnerability in Themeum Droip allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Droip: from n/a through 1.1.1. | 6.3 |
| 2024-08-25 | CVE-2024-8011 | Incorrect Authorization vulnerability in Logitech Options+ Logitech Options+ on MacOS prior 1.72 allows a local attacker to inject dynamic library within Options+ runtime and abuse permissions granted by the user to Options+ such as Camera. | 5.5 |
| 2024-08-22 | CVE-2024-3127 | Incorrect Authorization vulnerability in Gitlab An issue has been discovered in GitLab EE affecting all versions starting from 12.5 before 17.1.6, all versions starting from 17.2 before 17.2.4, all versions starting from 17.3 before 17.3.1. | 4.3 |
| 2024-08-22 | CVE-2024-7836 | Incorrect Authorization vulnerability in Themify Builder The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1. | 4.3 |
| 2024-08-21 | CVE-2024-7604 | Incorrect Authorization vulnerability in Logsign Unified Secops Platform 6.4.20 Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability. | 7.8 |
| 2024-08-20 | CVE-2024-6337 | Incorrect Authorization vulnerability in Github Enterprise Server An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository. | 6.5 |