CWE:
 

|  | Title | Date | Author |
| --- | --- | --- | --- |
| Med. | Transposh WordPress Translation 1.0.8.1 Incorrect Authorization | 20.08.2022 | Julien Ahrens |
| Med. | Transposh WordPress Translation 1.0.7 Incorrect Authorization | 01.08.2022 | Julien Ahrens |
| Med. | Easy Appointments 1.4.2 Information Disclosure | 23.04.2022 | Anonymous |
| Low | Easy!Appointments Information Disclosure | 15.04.2022 | Alexandre Zanni |
| Med. | Revive Adserver 5.0.4 Security Bypass / Open Redirect | 14.03.2020 | Matteo Beccati |


Common Weakness Enumeration (CWE)

CVE
Details
Description
2024-07-09
Waiting for details
CVE-2024-39871

A vulnerability has been identified in SINEMA Remote Connect Server (All versions < V3.2 SP1). Affected applications do not properly separate the rights to edit device settings and to edit settings for communication relations. This could allow an authenticated attacker with the permission to manage devices to gain access to participant groups that the attacker does not belong to.

 
2024-06-28
Waiting for details
CVE-2024-39352

A vulnerability regarding incorrect authorization is found in the firmware upgrade functionality. This allows remote authenticated users with administrator privileges to bypass firmware integrity check via unspecified vectors. The following models with Synology Camera Firmware versions before 1.0.7-0298 may be affected: BC500 and TC500.

 
2024-06-21
Waiting for details
CVE-2023-38389

Incorrect Authorization vulnerability in Artbees JupiterX Core allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects JupiterX Core: from n/a through 3.3.8.

 
2024-06-13
Waiting for details
CVE-2024-34106

Adobe Commerce versions 2.4.7, 2.4.6-p5, 2.4.5-p7, 2.4.4-p8 and earlier are affected by an Incorrect Authorization vulnerability that could result in a security feature bypass. An attacker could exploit this vulnerability to gain unauthorized access or perform actions with the privileges of another user. Exploitation of this issue does not require user interaction.

 
2024-06-12
Waiting for details
CVE-2024-0160

Dell Client Platform contains an incorrect authorization vulnerability. An attacker with physical access to the system could potentially exploit this vulnerability by bypassing BIOS authorization to modify settings in the BIOS.

 
Waiting for details
CVE-2024-36265

** UNSUPPORTED WHEN ASSIGNED ** Incorrect Authorization vulnerability in Apache Submarine Server Core. This issue affects Apache Submarine Server Core: from 0.8.0. As this project is retired, we do not plan to release a version that fixes this issue. Users are recommended to find an alternative or restrict access to the instance to trusted users. NOTE: This vulnerability only affects products that are no longer supported by the maintainer.

 
2024-06-06
Waiting for details
CVE-2024-5130

An Incorrect Authorization vulnerability exists in lunary-ai/lunary versions up to and including 1.2.2, which allows unauthenticated users to delete any dataset. The vulnerability is due to the lack of proper authorization checks in the dataset deletion endpoint. Specifically, the endpoint does not verify if the provided project ID belongs to the current user, thereby allowing any dataset to be deleted without proper authentication. This issue was fixed in version 1.2.8.

 
2024-05-18
Waiting for details
CVE-2024-3745

MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.

 
2024-05-17
Waiting for details
CVE-2024-34434

Incorrect Authorization vulnerability in realmag777 WordPress Meta Data and Taxonomies Filter (MDTF) allows Code Inclusion, Functionality Misuse. This issue affects WordPress Meta Data and Taxonomies Filter (MDTF): from n/a through 1.3.3.2.

 
2024-05-07
Waiting for details
CVE-2024-28148

An authenticated user could potentially access metadata for a datasource they are not authorized to view by submitting a targeted REST API request. This issue affects Apache Superset: before 4.0.0. Users are recommended to upgrade to version 4.0.0, which fixes the issue.

 

 


Copyright 2024, cxsecurity.com

 
