Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check. This allows attackers to bypass intended access restrictions.

CVEs (3,040)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2023-49246 1Huawei 2Emui Harmonyos May 28, 2025 Dec 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49240 1Huawei 2Emui Harmonyos Nov 21, 2024 Dec 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Unauthorized access vulnerability in the launcher module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-49239 1Huawei 2Emui Harmonyos Nov 21, 2024 Dec 6, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidentiality.
CVE-2023-42575 1Samsung 1Pass Nov 21, 2024 Dec 5, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 Improper Authentication vulnerability in Samsung Pass prior to version 4.3.00.17 allows physical attackers to bypass authentication due to invalid flag setting.
CVE-2023-42569 1Samsung 1Android Nov 21, 2024 Dec 5, 2023 N/A· v4 3.3 LOW· v3 N/A· v2 Improper authorization verification vulnerability in AR Emoji prior to SMR Dec-2023 Release 1 allows attackers to read sandbox data of AR Emoji.
CVE-2023-33071 1Qualcomm 13Qca6574 Firmware Qca6574a FirmwareQca6574au Firmware+10 more Nov 21, 2024 Dec 5, 2023 N/A· v4 7.8 HIGH· v3 N/A· v2 Memory corruption in Automotive OS whenever untrusted apps try to access HAb for graphics functionalities.
CVE-2023-24052 1Connectize 1Ac21000 G6 Firmware Nov 21, 2024 Dec 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 An issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain control of the device via the change password functionality as it does not prompt for the current password.
CVE-2023-24051 1Connectize 1Ac21000 G6 Firmware Nov 21, 2024 Dec 4, 2023 N/A· v4 9.8 CRITICAL· v3 N/A· v2 A client side rate limit issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via brute force style attacks.
CVE-2023-24047 1Connectize 1Ac21000 G6 Firmware Nov 21, 2024 Dec 4, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via use of weak hashing algorithm.
CVE-2023-49947 1Forgejo 1Forgejo Nov 21, 2024 Dec 3, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Forgejo before 1.20.5-1 allows 2FA bypass when docker login uses Basic Authentication.
CVE-2023-42006 1Ibm 1I Nov 21, 2024 Dec 1, 2023 N/A· v4 5.5 MEDIUM· v3 N/A· v2 IBM Administration Runtime Expert for i 7.2, 7.3, 7.4, and 7.5 could allow a local user to obtain sensitive information caused by improper authority checks. IBM X-Force ID: 265266.
CVE-2023-5995 1Gitlab 1Gitlab Nov 21, 2024 Dec 1, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an atta...Show more An issue has been discovered in GitLab EE affecting all versions starting from 16.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the policy bot to gain access to internal projects.Show less
CVE-2023-4658 1Gitlab 1Gitlab Nov 21, 2024 Dec 1, 2023 N/A· v4 3.1 LOW· v3 N/A· v2 An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an atta...Show more An issue has been discovered in GitLab EE affecting all versions starting from 8.13 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for an attacker to abuse the `Allowed to merge` permission as a guest user, when granted the permission through a group.Show less
CVE-2023-4317 1Gitlab 1Gitlab Nov 21, 2024 Dec 1, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with...Show more An issue has been discovered in GitLab affecting all versions starting from 9.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a user with the Developer role to update a pipeline schedule from an unprotected branch to a protected branch.Show less
CVE-2023-3964 1Gitlab 1Gitlab Nov 21, 2024 Dec 1, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to a...Show more An issue has been discovered in GitLab affecting all versions starting from 13.2 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for users to access composer packages on public projects that have package registry disabled in the project settings.Show less
CVE-2023-3443 1Gitlab 1Gitlab Nov 21, 2024 Dec 1, 2023 N/A· v4 4.3 MEDIUM· v3 N/A· v2 An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest us...Show more An issue has been discovered in GitLab affecting all versions starting from 12.1 before 16.4.3, all versions starting from 16.5 before 16.5.3, all versions starting from 16.6 before 16.6.1. It was possible for a Guest user to add an emoji on confidential work items.Show less
CVE-2023-47827 1Nicheaddons 1Events Addon For Elementor Apr 28, 2026 Nov 30, 2023 N/A· v4 7.5 HIGH· v3 N/A· v2 Incorrect Authorization vulnerability in NicheAddons Events Addon for Elementor allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Events Addon for Elementor: from n/a through 2.1.3.
CVE-2023-40610 1Apache 1Superset Feb 13, 2025 Nov 27, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Supers...Show more Improper authorization check and possible privilege escalation on Apache Superset up to but excluding 2.1.2. Using the default examples database connection that allows access to both the examples schema and Apache Superset's metadata database, an attacker using a specially crafted CTE SQL statement could change data on the metadata database. This weakness could result on tampering with the authentication/authorization data.Show less
CVE-2023-48712 1Warpgate Project 1Warpgate Nov 21, 2024 Nov 24, 2023 N/A· v4 8.8 HIGH· v3 N/A· v2 Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's...Show more Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.Show less
CVE-2023-5553 1Axis 2Axis Os Axis Os 2022 Jun 10, 2025 Nov 21, 2023 N/A· v4 6.8 MEDIUM· v3 N/A· v2 During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack t...Show more During internal Axis Security Development Model (ASDM) threat-modelling, a flaw was found in the protection for device tampering (commonly known as Secure Boot) in AXIS OS making it vulnerable to a sophisticated attack to bypass this protection. To Axis' knowledge, there are no known exploits of the vulnerability at this time. Axis has released patched AXIS OS versions for the highlighted flaw. Please refer to the Axis security advisory for more information and solution.Show less

Previous 1...798081...152 Next