80 matches found
PT-2026-39283
Name of the Vulnerable Software and Affected Versions Open WebUI versions prior to 0.1.124 Description An improper authorization control exists where the API fails to validate if a user possesses an authorized role of user or admin. When the platform is configured to allow new sign-ups, new...
CVE-2020-7530
A CWE-285 Improper Authorization vulnerability exists in SCADAPack 7x Remote Connect V3.6.3.574 and prior which allows improper access to executable code folders...
EUVD-2020-28655
Malware in sbrugna...
EUVD-2023-46931
Malicious code in bioql PyPI...
CVE-2024-45128 Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on...
CVE-2024-45131 Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on...
CVE-2024-45131
Adobe Commerce (Magento Open Source) vulnerability CVE-2024-45131 affects versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier. The issue is an Improper Authorization that could allow a low-privileged attacker to bypass security features with low impact on confidentiality and integrity; e...
CVE-2024-45131 Adobe Commerce | Incorrect Authorization (CWE-863)
Adobe Commerce versions 2.4.7-p2, 2.4.6-p7, 2.4.5-p9, 2.4.4-p10 and earlier are affected by an Improper Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures and have a low impact on...
CVE-2024-45327
An improper authorization vulnerability CWE-285 in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTT...
CVE-2024-45327
FortiSOAR is affected by an improper authorization vulnerability (CWE-285) in the change password endpoint, enabling an authenticated attacker to perform brute force attacks on user and administrator passwords. Affected FortiSOAR versions are 7.0.0–7.0.3, 7.2.0–7.2.2, 7.3.0–7.3.2, and 7.4.0–7.4.3...
CVE-2024-45327
An improper authorization vulnerability CWE-285 in FortiSOAR version 7.4.0 through 7.4.3, 7.3.0 through 7.3.2, 7.2.0 through 7.2.2, 7.0.0 through 7.0.3 change password endpoint may allow an authenticated attacker to perform a brute force attack on users and administrators password via crafted HTT...
CVE-2024-23665
Multiple improper authorization vulnerabilities CWE-285 in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests...
CVE-2024-23665
Multiple improper authorization vulnerabilities CWE-285 in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests...
CVE-2024-23665
Multiple improper authorization vulnerabilities CWE-285 in FortiWeb version 7.4.2 and below, version 7.2.7 and below, version 7.0.10 and below, version 6.4.3 and below, version 6.3.23 and below may allow an authenticated attacker to perform unauthorized ADOM operations via crafted requests...
Fortinet FortiWeb Unauthorized ADOM operations (FG-IR-23-474)
The version of FortiWeb installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the FG-IR-23-474 advisory. - Multiple improper authorization vulnerabilities CWE-285 in FortiWeb version 7.4.2 and below, version 7.2.7 and below, versio...
CVE-2024-21761
An improper authorization vulnerability CWE-285 in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload...
Authorization
An improper authorization vulnerability CWE-285 in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload...
CVE-2024-21761
FortiPortal suffers an improper authorization vulnerability (CWE-285) affecting FortiPortal versions 7.0.6 and below and 7.2.0. An attacker could download reports from other organizations by modifying the request payload. The issue is documented across multiple sources, with practical remediation...
CVE-2024-21761
An improper authorization vulnerability CWE-285 in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload...
CVE-2024-21761
An improper authorization vulnerability CWE-285 in FortiPortal version 7.2.0, and versions 7.0.6 and below reports may allow a user to download other organizations reports via modification in the request payload...