Check CVE Id
Check CWE Id
OX Documents 7.10.5 Improper Authorization
CTFd 2.1.5 Administrator Account Takeover
Social Engineering Neo
Microsoft Windows Task Scheduler Local Privilege Escalation
Social Engineering Neo
Slims CMS Akasia 8.3.1 SQL Injection
Slims CMS Akasia 8.3.1 Improper Authorization Vulnerability
Dell OpenManage Network Manager 184.108.40.206 SP3 Privilege Escalation
SAP Business Objects Unauthorized Audit Information Access
SAP Business Objects Unauthorized Audit Information Delete
SAP Business Objects Information Disclosure Via CORBA
SAP Business Warehouse Missing Authorization Check
SAP Business Objects Denial Of Service Via CORBA
Checkpoint Endpoint Security Media Encryption EPM Explorer Bypass
Zoom Telephonics Multiple Vulns
CVEMAP Search Results
In Apache Airflow, prior to version 2.4.1, deactivating a user wouldn't prevent an already authenticated user from being able to continue using the UI or API.
Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run admin-level functions via the API. This problem has been patched in v0.15.1.
XWiki Platform Old Core is a core package for XWiki Platform, a generic wiki platform. Prior to versions 220.127.116.11 and 14.3-rc-1, some resources are missing a check for inactive (not yet activated or disabled) users in XWiki, including the REST service. This means a disabled user can enable themselves using a REST call. On the same way some resources handler created by extensions are not protected by default, so an inactive user could perform actions for such extensions. This issue has existed since at least version 1.1 of XWiki for instance configured with the email activation required for new users. Now it's more critical for versions 11.3-rc-1 and later since the maintainers provided the capability to disable user without deleting them and encouraged using that feature. XWiki 14.3-rc-1 and XWiki 13.10.5 contain a patch. There is no workaround for this other than upgrading XWiki.
An Improper Authorization vulnerability in SUSE Rancher, allows any user who has permissions to create/edit cluster role template bindings or project role template bindings (such as cluster-owner, manage cluster members, project-owner and manage project members) to gain owner permission in another project in the same cluster or in another project on a different downstream cluster. This issue affects: SUSE Rancher Rancher versions prior to 2.6.7; Rancher versions prior to 2.5.16.
XWiki Platform Security Parent POM contains the security APIs for XWiki Platform, a generic wiki platform. Starting with version 5.0 and prior to 12.10.11, 13.10.1, and 13.4.6, a bug in the security cache stores rules associated to document Page1.Page2 and space Page1.Page2 in the same cache entry. That means that it's possible to overwrite the rights of a space or a document by creating the page of the space with the same name and checking the right of the new one first so that they end up in the security cache and are used for the other too. The problem has been patched in XWiki 12.10.11, 13.10.1, and 13.4.6. There are no known workarounds.
Improper Authorization in GitHub repository chatwoot/chatwoot prior to 2.8.
Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically crafted requests.
Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Authorization vulnerability that could result in Privilege escalation. An attacker could leverage this vulnerability to access other user's data. Exploitation of this issue does not require user interaction.
Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1.
Back to Top