Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVEs (3,046)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2024-13302 1Ciandt 1Pages Restriction Access Sep 2, 2025 Jan 9, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Pages Restriction Access allows Forceful Browsing.This issue affects Pages Restriction Access: from 2.0.0 before 2.0.3.
CVE-2024-13291 1Basic Http Authentication Project 1Basic Http Authentication Sep 2, 2025 Jan 9, 2025 N/A· v4 7.3 HIGH· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Basic HTTP Authentication allows Forceful Browsing.This issue affects Basic HTTP Authentication: from 7.X-1.0 before 7.X-1.4.
CVE-2024-13290 1Ohdear 1Ohdear Integration Sep 2, 2025 Jan 9, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal OhDear Integration allows Forceful Browsing.This issue affects OhDear Integration: from 0.0.0 before 2.0.4.
CVE-2024-56114 1Henkel 1Canlineapp Jul 16, 2025 Jan 9, 2025 N/A· v4 6.5 MEDIUM· v3 N/A· v2 Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role...Show more Canlineapp Online 1.1 is vulnerable to Broken Access Control and allows users with the Auditor role to create an audit template as a result of improper authorization checks. This feature is designated for supervisor role, but auditors have been able to successfully create audit templates from their account.Show less
CVE-2024-13282 1Block Permissions Project 1Block Permissions Sep 2, 2025 Jan 9, 2025 N/A· v4 8.8 HIGH· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Block permissions allows Forceful Browsing.This issue affects Block permissions: from 1.0.0 before 1.2.0.
CVE-2024-13281 1Monster Menus Project 1Monster Menus Sep 2, 2025 Jan 9, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Monster Menus allows Forceful Browsing.This issue affects Monster Menus: from 0.0.0 before 9.3.2.
CVE-2024-13278 1Diff Project 1Diff Sep 2, 2025 Jan 9, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Diff allows Functionality Misuse.This issue affects Diff: from 0.0.0 before 1.8.0.
CVE-2024-13277 1Smart Ip Ban Project 1Smart Ip Ban Sep 2, 2025 Jan 9, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Smart IP Ban allows Forceful Browsing.This issue affects Smart IP Ban: from 7.X-1.0 before 7.X-1.1.
CVE-2024-13271 1Content Entity Clone Project 1Content Entity Clone Aug 27, 2025 Jan 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Content Entity Clone allows Forceful Browsing.This issue affects Content Entity Clone: from 0.0.0 before 1.0.4.
CVE-2024-13270 1Freelinking Project 1Freelinking Aug 27, 2025 Jan 9, 2025 N/A· v4 4.3 MEDIUM· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Freelinking allows Forceful Browsing.This issue affects Freelinking: from 0.0.0 before 4.0.1.
CVE-2024-13266 1Responsive And Off Canvas Menu Project 1Responsive And Off Canvas Menu Aug 27, 2025 Jan 9, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Responsive and off-canvas menu allows Forceful Browsing.This issue affects Responsive and off-canvas menu: from 0.0.0 before 4.4.4.
CVE-2024-13258 1Rest & Json Api Authentication Project 1Rest & Json Api Authentication Jun 4, 2025 Jan 9, 2025 N/A· v4 9.8 CRITICAL· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Drupal REST & JSON API Authentication allows Forceful Browsing.This issue affects Drupal REST & JSON API Authentication: from 0.0.0 before 2.0.13.
CVE-2024-13257 1Commerce View Receipt Project 1Commerce View Receipt Jun 4, 2025 Jan 9, 2025 N/A· v4 5.3 MEDIUM· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Commerce View Receipt allows Forceful Browsing.This issue affects Commerce View Receipt: from 0.0.0 before 1.0.3.
CVE-2024-13253 1Advanced Pwa Inc Push Notifications Project 1Advanced Pwa Inc Push Notifications Jun 4, 2025 Jan 9, 2025 N/A· v4 9.1 CRITICAL· v3 N/A· v2 Incorrect Authorization vulnerability in Drupal Advanced PWA inc Push Notifications allows Forceful Browsing.This issue affects Advanced PWA inc Push Notifications: from 0.0.0 before 1.5.0.
CVE-2025-22449 1Mattermost 1Mattermost Server Sep 29, 2025 Jan 9, 2025 N/A· v4 3.8 LOW· v3 N/A· v2 Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making th...Show more Mattermost versions 9.11.x <= 9.11.5 fail to enforce invite permissions, which allows team admins, with no permission to invite users to their team, to invite users by updating the "allow_open_invite" field via making their team public.Show less
CVE-2024-54010 - - Jan 31, 2025 Jan 8, 2025 N/A· v4 3.4 LOW· v3 N/A· v2 A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP prot...Show more A vulnerability in the firewall component of HPE Aruba Networking CX 10000 Series Switches exists. It could allow an unauthenticated adjacent attacker to conduct a packet forwarding attack against the ICMP and UDP protocol. For this attack to be successful an attacker requires a switch configuration that allows packets routing (at layer 3). Configurations that do not allow network traffic routing are not impacted. Successful exploitation could allow an attacker to bypass security policies, potentially leading to unauthorized data exposure.Show less
CVE-2025-0237 1Mozilla 2Firefox Thunderbird Apr 13, 2026 Jan 7, 2025 N/A· v4 5.4 MEDIUM· v3 N/A· v2 The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks....Show more The WebChannel API, which is used to transport various information across processes, did not check the sending principal but rather accepted the principal being sent. This could have led to privilege escalation attacks. This vulnerability was fixed in Firefox 134, Firefox ESR 128.6, Thunderbird 134, and Thunderbird 128.6.Show less
CVE-2024-39025 - - Dec 31, 2024 Dec 27, 2024 N/A· v4 7.5 HIGH· v3 N/A· v2 Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data.
CVE-2020-9081 1Huawei 7Mate 20 Firmware P30 FirmwareP30 Pro Firmware+4 more Jan 10, 2025 Dec 27, 2024 N/A· v4 6.8 MEDIUM· v3 N/A· v2 There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to...Show more There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mode to exploit this vulnerability. Successful exploit could allow the attacker to bypass app lock. (Vulnerability ID: HWPSIRT-2019-12144) This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2020-9081.Show less
CVE-2024-47157 1Honor 1Magicos Jun 5, 2025 Dec 26, 2024 N/A· v4 5.5 MEDIUM· v3 N/A· v2 Some Honor products are affected by incorrect privilege assignment vulnerability, successful exploitation could cause device service exceptions.

Previous 1...565758...153 Next