CVE-2024-55024
An authentication bypass vulnerability in the authorization mechanism of Weintek cMT-3072XH2 easyweb v2.1.53, OS v20231011 allows unauthorized attackers to perform Administrative actions using service accounts...
PT-2026-22781
Name of the Vulnerable Software and Affected Versions: Weintek cMT-3072XH2 easyweb version 2.1.53, OS version 20231011 Description: An authentication bypass exists in the authorization mechanism of the software. This allows unauthorized attackers to perform administrative actions using service...
CVE-2013-6276
QNAP FVioCard 2312 and FVioGate 2308 have hardcoded entries in authorized_keys files. NOTE: 1. All active models are not affected. The last affected model was EOL since 2010. 2. The legacy authorization mechanism is no longer adopted in all active models...
EUVD-2007-5976
Malware in sbrugna...
CVE-2024-12297
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable...
ROS-20250226-10
Vulnerabilities in the Hotspot components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines are related to flaws in the authorization mechanism...
ROS-20250226-11
Vulnerabilities in the Hotspot components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines are related to flaws in the authorization mechanism...
ROS-20250226-12
Vulnerabilities in the Hotspot components of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines are related to flaws in the authorization mechanism...
ROS-20250219-05
A vulnerability in the Core component of Oracle VM VirtualBox is related to a flaw in the authorization mechanism. Exploitation of the vulnerability could allow an attacker to gain privileged access to the infrastructure...
CVE-2023-50946
IBM Common Licensing 9.0 could allow an authenticated user to modify a configuration file that they should not have access to due to a broken authorization mechanism...
PT-2025-4288 · Oracle +1 · MySQL Server
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 9.1.0 and prior Description: The issue is related to the Server: Security: Privileges component of MySQL Server, which is associated with deficiencies in the authorization mechanism. This easily exploitable issue allows ...
CVE-2024-12297 Frontend Authorization Logic Disclosure Vulnerability
Moxa’s Ethernet switch is vulnerable to an authentication bypass because of flaws in its authorization mechanism. Although both client-side and back-end server verification are involved in the process, attackers can exploit weaknesses in its implementation. These vulnerabilities may enable...
PT-2024-10250 · Oracle +8 · MySQL Server +7
Name of the Vulnerable Software and Affected Versions: MySQL Server versions 8.0.40 and prior MySQL Server versions 8.4.3 and prior MySQL Server versions 9.1.0 and prior Description: The issue is related to the authorization mechanism in the MySQL Server product, specifically in the Server:...
PT-2024-10157 · GitLab · GitLab CE/EE
Name of the Vulnerable Software and Affected Versions: GitLab EE versions 14.3 through 17.4.6 GitLab EE versions 17.5 through 17.5.4 GitLab EE versions 17.6 through 17.6.2 Description: The issue is related to the Wiki History Diff feature in GitLab EE, which allows group users to view confidentia...
CVE-2024-26331
ReCrystallize Server 5.10.0.0 uses an authorization mechanism that relies on the value of a cookie, but it does not bind the cookie value to a session ID. Attackers can easily modify the cookie value, within a browser or by implementing client-side code outside of a browser. Attackers can bypass t...
CVE-2024-26331
ReCrystallize Server 5.10.0.0 is vulnerable to authentication bypass via cookie manipulation. The Nuclei template and Red Hat/NVD entries describe an issue where the cookie value (e.g., AdminUsername) is not bound to a session ID, allowing an attacker to bypass authentication by modifying the coo...
CVE-2023-47573
An issue was discovered in Relyum RELY-PCIe 22.2.1 devices. The authorization mechanism is not enforced in the web interface, allowing a low-privileged user to execute administrative functions...
CVE-2023-47573
The CVE-2023-47573 vulnerability affects Relyum RELY-PCIe 22.2.1. The web interface does not enforce authorization, enabling a low-privilege user to perform administrative functions. No exploitation details are provided in the documents. A remediation note from PT-2023-30508 suggests restricting ...
Remote Code Execution (RCE)
GitLab is vulnerable to Remote Code Execution (RCE). The vulnerability exists due to the lack of an authorization mechanism in the library, which allows an attacker to import maliciously crafted projects, injecting and executing malicious code...