Vulnerabilities > Incorrect Permission Assignment for Critical Resource

DATE CVE VULNERABILITY TITLE RISK
2024-01-12 CVE-2023-49257 Incorrect Permission Assignment for Critical Resource vulnerability in Hongdian H8951-4G-Esp Firmware
An authenticated user is able to upload an arbitrary CGI-compatible file using the certificate upload utility and execute it with root user privileges.
network
low complexity
hongdian CWE-732
8.8
2024-01-11 CVE-2023-6506 Incorrect Permission Assignment for Critical Resource vulnerability in Wpwhitesecurity WP 2FA
The WP 2FA – Two-factor authentication for WordPress plugin for WordPress is vulnerable to Insecure Direct Object Reference in all versions up to, and including, 2.5.0 via the send_backup_codes_email due to missing validation on a user controlled key.
network
low complexity
wpwhitesecurity CWE-732
4.3
2024-01-11 CVE-2023-6883 Incorrect Permission Assignment for Critical Resource vulnerability in Easysocialfeed Easy Social Feed
The Easy Social Feed plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in all versions up to, and including, 6.5.2.
network
low complexity
easysocialfeed CWE-732
4.3
2024-01-09 CVE-2023-44120 Incorrect Permission Assignment for Critical Resource vulnerability in Siemens Spectrum Power 7 2.20/2.30/23Q3
A vulnerability has been identified in Spectrum Power 7 (All versions < V23Q4).
local
low complexity
siemens CWE-732
7.8
2023-12-22 CVE-2023-7055 Incorrect Permission Assignment for Critical Resource vulnerability in PHPgurukul Online Notes Sharing System 1.0
A vulnerability classified as problematic has been found in PHPGurukul Online Notes Sharing System 1.0.
network
low complexity
phpgurukul CWE-732
5.4
2023-12-14 CVE-2023-0757 Incorrect Permission Assignment for Critical Resource vulnerability in Phoenixcontact Multiprog and Proconos Eclr
Incorrect Permission Assignment for Critical Resource vulnerability in PHOENIX CONTACT MULTIPROG, PHOENIX CONTACT ProConOS eCLR (SDK) allows an unauthenticated remote attacker to upload arbitrary malicious code and gain full access on the affected device.
network
low complexity
phoenixcontact CWE-732
critical
9.8
2023-12-14 CVE-2023-46141 Incorrect Permission Assignment for Critical Resource vulnerability in Phoenixcontact products
Incorrect Permission Assignment for Critical Resource vulnerability in multiple products of the PHOENIX CONTACT classic line allows a remote unauthenticated attacker to gain full access of the affected device.
network
low complexity
phoenixcontact CWE-732
critical
9.8
2023-12-14 CVE-2023-46142 Incorrect Permission Assignment for Critical Resource vulnerability in Phoenixcontact products
An incorrect permission assignment for critical resource vulnerability in PLCnext products allows a remote attacker with low privileges to gain full access on the affected devices.
network
low complexity
phoenixcontact CWE-732
8.8
2023-12-14 CVE-2023-25648 Incorrect Permission Assignment for Critical Resource vulnerability in ZTE Zxcloud Irai Firmware 6.03.04
There is a weak folder permission vulnerability in ZTE's ZXCLOUD iRAI product.
local
low complexity
zte CWE-732
7.8
2023-12-12 CVE-2023-6593 Incorrect Permission Assignment for Critical Resource vulnerability in Devolutions Remote Desktop Manager
Client side permission bypass in Devolutions Remote Desktop Manager 2023.3.4.0 and earlier on iOS allows an attacker that has access to the application to execute entries in a SQL data source without restriction.
network
low complexity
devolutions CWE-732
critical
9.8