Vulnerabilities > Incorrect Permission Assignment for Critical Resource
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-03-20 | CVE-2022-4148 | Incorrect Permission Assignment for Critical Resource vulnerability in Dash10 Oauth Server The WP OAuth Server (OAuth Authentication) WordPress plugin before 4.2.5 has a flawed CSRF and authorisation check when deleting a client, which could allow any authenticated users, such as subscriber to delete arbitrary client. | 4.3 |
| 2023-03-16 | CVE-2023-27084 | Incorrect Permission Assignment for Critical Resource vulnerability in Dreamer CMS Project Dreamer CMS 4.0.1 Permissions vulnerability found in isoftforce Dreamer CMS v.4.0.1 allows local attackers to obtain sensitive information via the AttachmentController parameter. | 5.3 |
| 2023-03-16 | CVE-2023-27095 | Incorrect Permission Assignment for Critical Resource vulnerability in Opengoofy Hippo4J Insecure Permissions vulnerability found in OpenGoofy Hippo4j v.1.4.3 allows attacker toescalate privileges via the AddUser method of the UserController function in Tenant Management module. | 6.5 |
| 2023-03-06 | CVE-2023-23939 | Incorrect Permission Assignment for Critical Resource vulnerability in Microsoft Azure Setup Kubectl Azure/setup-kubectl is a GitHub Action for installing Kubectl. | 7.0 |
| 2023-03-03 | CVE-2022-45552 | Incorrect Permission Assignment for Critical Resource vulnerability in ZBT We1626 Firmware 21.06.18 An Insecure Permissions vulnerability in Shenzhen Zhiboton Electronics ZBT WE1626 Router v 21.06.18 allows attackers to obtain sensitive information via SPI bus interface connected to pinout of the NAND flash memory. | 7.5 |
| 2023-02-23 | CVE-2023-24205 | Incorrect Permission Assignment for Critical Resource vulnerability in Clash Project Clash 0.20.12 Clash for Windows v0.20.12 was discovered to contain a remote code execution (RCE) vulnerability which is exploited via overwriting the configuration file (cfw-setting.yaml). | 9.8 |
| 2023-02-20 | CVE-2022-44216 | Incorrect Permission Assignment for Critical Resource vulnerability in SIR Gnuboard 5.5.4/5.5.5 Gnuboard 5.5.4 and 5.5.5 is vulnerable to Insecure Permissions. | 7.5 |
| 2023-02-17 | CVE-2021-3172 | Incorrect Permission Assignment for Critical Resource vulnerability in PHP-Fusion 9.03.90 An issue in Php-Fusion v9.03.90 fixed in v9.10.00 allows authenticated attackers to cause a Distributed Denial of Service via the Polling feature. | 8.1 |
| 2023-02-08 | CVE-2023-25150 | Incorrect Permission Assignment for Critical Resource vulnerability in Nextcloud Richdocuments Nextcloud office/richdocuments is an office suit for the nextcloud server platform. | 5.7 |
| 2023-02-03 | CVE-2021-37304 | Incorrect Permission Assignment for Critical Resource vulnerability in Jeecg An Insecure Permissions issue in jeecg-boot 2.4.5 allows unauthenticated remote attackers to gain escalated privilege and view sensitive information via the httptrace interface. | 7.5 |