Vulnerabilities > Incorrect Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-08-22 CVE-2024-7836 Incorrect Authorization vulnerability in Themify Builder
The Themify Builder plugin for WordPress is vulnerable to unauthorized post duplication due to missing checks on the duplicate_page_ajaxify function in all versions up to, and including, 7.6.1.
network
low complexity
themify CWE-863
4.3
2024-08-21 CVE-2024-7604 Incorrect Authorization vulnerability in Logsign Unified Secops Platform 6.4.20
Logsign Unified SecOps Platform Incorrect Authorization Authentication Bypass Vulnerability.
local
low complexity
logsign CWE-863
7.8
2024-08-20 CVE-2024-6337 Incorrect Authorization vulnerability in Github Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed a GitHub App with only content: read and pull_request_write: write permissions to read issue content inside a private repository.
network
low complexity
github CWE-863
6.5
2024-08-20 CVE-2024-7711 Incorrect Authorization vulnerability in Github Enterprise Server
An Incorrect Authorization vulnerability was identified in GitHub Enterprise Server, allowing an attacker to update the title, assignees, and labels of any issue inside a public repository.
network
low complexity
github CWE-863
4.3
2024-08-20 CVE-2024-39690 Incorrect Authorization vulnerability in Projectcapsule Capsule
Capsule is a multi-tenancy and policy-based framework for Kubernetes.
network
low complexity
projectcapsule CWE-863
8.8
2024-08-19 CVE-2024-43250 Incorrect Authorization vulnerability in Bitapps BIT Form
Incorrect Authorization vulnerability in Bit Apps Bit Form Pro bitformpro allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Bit Form Pro: from n/a through 2.6.4.
network
low complexity
bitapps CWE-863
6.5
2024-08-13 CVE-2024-41939 Incorrect Authorization vulnerability in Siemens Sinec NMS 1.0/1.0.3/2.0
A vulnerability has been identified in SINEC NMS (All versions < V3.0).
network
low complexity
siemens CWE-863
8.8
2024-08-13 CVE-2024-41941 Incorrect Authorization vulnerability in Siemens Sinec NMS 1.0/1.0.3/2.0
A vulnerability has been identified in SINEC NMS (All versions < V3.0).
network
low complexity
siemens CWE-863
4.3
2024-08-12 CVE-2024-42473 Incorrect Authorization vulnerability in Openfga 1.5.7/1.5.8
OpenFGA is an authorization/permission engine.
network
low complexity
openfga CWE-863
critical
9.8
2024-08-07 CVE-2024-7265 Incorrect Authorization vulnerability in Nask EZD RP
Incorrect User Management vulnerability in Naukowa i Akademicka Siec Komputerowa - Panstwowy Instytut Badawczy EZD RP allows logged-in user to change the password of any user, including root user, which could lead to privilege escalation. This issue affects EZD RP: from 15 before 15.84, from 16 before 16.15, from 17 before 17.2.
network
low complexity
nask CWE-863
8.8