Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2023-2877

Summary
Assigner-WPScan
Assigner Org ID-1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At-27 Jun, 2023 | 13:17
Updated At-03 Dec, 2024 | 17:00
Rejected At-
Credits

Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
â–¼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:WPScan
Assigner Org ID:1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81
Published At:27 Jun, 2023 | 13:17
Updated At:03 Dec, 2024 | 17:00
Rejected At:
â–¼CVE Numbering Authority (CNA)
Formidable Forms < 6.3.1 - Subscriber+ Remote Code Execution

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

Affected Products
Vendor
Unknown
Product
Formidable Forms
Collection URL
https://wordpress.org/plugins
Default Status
unaffected
Versions
Affected
  • From 0 before 6.3.1 (custom)
Problem Types
TypeCWE IDDescription
CWECWE-863CWE-863 Incorrect Authorization
Type: CWE
CWE ID: CWE-863
Description: CWE-863 Incorrect Authorization
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

finder
Alex Sanford
coordinator
WPScan
Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402
exploit
vdb-entry
technical-description
Hyperlink: https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402
Resource:
exploit
vdb-entry
technical-description
â–¼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402
exploit
vdb-entry
technical-description
x_transferred
Hyperlink: https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402
Resource:
exploit
vdb-entry
technical-description
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
â–¼National Vulnerability Database (NVD)
nvd.nist.gov
Source:contact@wpscan.com
Published At:27 Jun, 2023 | 14:15
Updated At:07 Nov, 2023 | 04:13

The Formidable Forms WordPress plugin before 6.3.1 does not adequately authorize the user or validate the plugin URL in its functionality for installing add-ons. This allows a user with a role as low as Subscriber to install and activate arbitrary plugins of arbitrary versions from the WordPress.org plugin repository onto the site, leading to Remote Code Execution.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.18.8HIGH
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Type: Primary
Version: 3.1
Base score: 8.8
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
CPE Matches

Strategy11
strategy11
>>formidable_forms>>Versions before 6.3.1(exclusive)
cpe:2.3:a:strategy11:formidable_forms:*:*:*:*:*:wordpress:*:*
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402contact@wpscan.com
Exploit
Third Party Advisory
Hyperlink: https://wpscan.com/vulnerability/33765da5-c56e-42c1-83dd-fcaad976b402
Source: contact@wpscan.com
Resource:
Exploit
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

251Records found

CVE-2024-39696
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.52% / 40.48%
||
7 Day CHG~0.00%
Published-05 Jul, 2024 | 18:49
Updated-02 Aug, 2024 | 04:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Evmos vulnerable to exploit of smart contract account and vesting

Evmos is a decentralized Ethereum Virtual Machine chain on the Cosmos Network. Prior to version 19.0.0, a user can create a vesting account with a 3rd party account (EOA or contract) as funder. Then, this user can create an authorization for the contract.CallerAddress, this is the authorization checked in the code. But the funds are taken from the funder address provided in the message. Consequently, the user can fund a vesting account with a 3rd party account without its permission. The funder address can be any address, so this vulnerability can be used to drain all the accounts in the chain. The issue has been patched in version 19.0.0.

Action-Not Available
Vendor-evmosevmos
Product-evmosevmos
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-14843
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-1.19% / 64.17%
||
7 Day CHG~0.00%
Published-07 Jan, 2020 | 16:34
Updated-05 Aug, 2024 | 00:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Wildfly Security Manager, running under JDK 11 or 8, that authorized requests for any requester. This flaw could be used by a malicious app deployed on the app server to access unauthorized information and possibly conduct further attacks. Versions shipped with Red Hat Jboss EAP 7 and Red Hat SSO 7 are vulnerable to this issue.

Action-Not Available
Vendor-Red Hat, Inc.
Product-single_sign-onjboss_enterprise_application_platformwildfly-security-manager
CWE ID-CWE-592
DEPRECATED: Authentication Bypass Issues
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-22967
Matching Score-4
Assigner-VMware by Broadcom
ShareView Details
Matching Score-4
Assigner-VMware by Broadcom
CVSS Score-8.8||HIGH
EPSS-1.88% / 76.88%
||
7 Day CHG~0.00%
Published-22 Jun, 2022 | 00:00
Updated-05 May, 2025 | 17:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in SaltStack Salt in versions before 3002.9, 3003.5, 3004.2. PAM auth fails to reject locked accounts, which allows a previously authorized user whose account is locked still run Salt commands when their account is locked. This affects both local shell accounts with an active session and salt-api users that authenticate via PAM eauth.

Action-Not Available
Vendor-saltstackn/a
Product-saltSaltStack Salt
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-24573
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.82% / 52.66%
||
7 Day CHG~0.00%
Published-31 Jan, 2024 | 22:33
Updated-16 Jun, 2025 | 18:24
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
facileManager Privilege Escalation via Mass Assignment

facileManager is a modular suite of web apps built with the sysadmin in mind. In versions 4.5.0 and earlier, when a user updates their profile, a POST request containing user information is sent to the endpoint server/fm-modules/facileManager/ajax/processPost.php. It was found that non-admins can arbitrarily set their permissions and grant their non-admin accounts with super user privileges.

Action-Not Available
Vendor-facilemanagerWillyXJ
Product-facilemanagerfacileManager
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-5822
Matching Score-4
Assigner-Zero Day Initiative
ShareView Details
Matching Score-4
Assigner-Zero Day Initiative
CVSS Score-7.1||HIGH
EPSS-0.32% / 24.10%
||
7 Day CHG~0.00%
Published-25 Jun, 2025 | 18:00
Updated-10 Sep, 2025 | 14:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability

Autel MaxiCharger AC Wallbox Commercial Technician API Incorrect Authorization Privilege Escalation Vulnerability. This vulnerability allows remote attackers to escalate privileges on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. An attacker must first obtain a low-privileged authorization token in order to exploit this vulnerability. The specific flaw exists within the implementation of the Autel Technician API. The issue results from incorrect authorization. An attacker can leverage this vulnerability to escalate privileges to resources normally protected from the user. Was ZDI-CAN-26325.

Action-Not Available
Vendor-autelAutel
Product-maxicharger_dc_compact_mobilemaxicharger_ac_ultra_firmwaremaxicharger_ac_elite_business_c50_firmwaremaxicharger_single_chargermaxicharger_ac_pro_firmwaremaxicharger_dc_compact_pedestalmaxicharger_single_charger_firmwaremaxicharger_dc_hipower_firmwaremaxicharger_ac_promaxicharger_dc_hipowermaxicharger_ac_ultramaxicharger_ac_elite_business_c50maxicharger_dc_compact_mobile_firmwaremaxicharger_dh480maxicharger_dc_compact_pedestal_firmwaremaxicharger_dh480_firmwaremaxicharger_dc_fast_firmwaremaxicharger_dc_fastAutel MaxiCharger AC Wallbox Commercial
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-13386
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-2.80% / 84.76%
||
7 Day CHG~0.00%
Published-26 Jul, 2019 | 12:06
Updated-04 Aug, 2024 | 23:49
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

In CentOS-WebPanel.com (aka CWP) CentOS Web Panel 0.9.8.846, a hidden action=9 feature in filemanager2.php allows attackers to execute a shell command, i.e., obtain a reverse shell with user privilege.

Action-Not Available
Vendor-centos-webpaneln/a
Product-centos_web_paneln/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-11361
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-3.02% / 85.81%
||
7 Day CHG~0.00%
Published-19 Mar, 2020 | 16:48
Updated-04 Aug, 2024 | 22:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Zoho ManageEngine Remote Access Plus 10.0.258 does not validate user permissions properly, allowing for privilege escalation and eventually a full application takeover.

Action-Not Available
Vendor-n/aZoho Corporation Pvt. Ltd.
Product-manageengine_remote_access_plusn/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-30616
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.58% / 43.48%
||
7 Day CHG~0.00%
Published-04 Nov, 2024 | 00:00
Updated-18 Apr, 2025 | 13:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Chamilo LMS 1.11.26 is vulnerable to Incorrect Access Control via main/auth/profile. Non-admin users can manipulate sensitive profiles information, posing a significant risk to data integrity.

Action-Not Available
Vendor-chamilon/achamilo
Product-chamilo_lmsn/achamilo_lms
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-2915
Matching Score-4
Assigner-Devolutions Inc.
ShareView Details
Matching Score-4
Assigner-Devolutions Inc.
CVSS Score-8.8||HIGH
EPSS-0.65% / 46.53%
||
7 Day CHG~0.00%
Published-26 Mar, 2024 | 15:51
Updated-27 Mar, 2025 | 19:32
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control in PAM JIT elevation in Devolutions Server 2024.1.6 and earlier allows an attacker with access to the PAM JIT elevation feature to elevate themselves to unauthorized groups via a specially crafted request.

Action-Not Available
Vendor-Devolutions
Product-devolutions_serverServerdevolutions_server
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-2698
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-0.67% / 47.36%
||
7 Day CHG~0.00%
Published-12 Jun, 2024 | 08:03
Updated-20 Nov, 2025 | 07:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Freeipa: delegation rules allow a proxy service to impersonate any user to access another target service

A vulnerability was found in FreeIPA in how the initial implementation of MS-SFU by MIT Kerberos was missing a condition for granting the "forwardable" flag on S4U2Self tickets. Fixing this mistake required adding a special case for the check_allowed_to_delegate() function: If the target service argument is NULL, then it means the KDC is probing for general constrained delegation rules and not checking a specific S4U2Proxy request. In FreeIPA 4.11.0, the behavior of ipadb_match_acl() was modified to match the changes from upstream MIT Kerberos 1.20. However, a mistake resulting in this mechanism applies in cases where the target service argument is set AND where it is unset. This results in S4U2Proxy requests being accepted regardless of whether or not there is a matching service delegation rule.

Action-Not Available
Vendor-freeipaRed Hat, Inc.
Product-enterprise_linux_eusfreeipaenterprise_linuxRed Hat Enterprise Linux 8.8 Extended Update SupportRed Hat Enterprise Linux 9Red Hat Enterprise Linux 7Red Hat Enterprise Linux 6Red Hat Enterprise Linux 9.2 Extended Update SupportRed Hat Enterprise Linux 8
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-24751
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-4.3||MEDIUM
EPSS-0.48% / 38.28%
||
7 Day CHG~0.00%
Published-13 Feb, 2024 | 18:30
Updated-18 Oct, 2024 | 18:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Broken Access Control in Backend Module in sf_event_mgt

sf_event_mgt is an event management and registration extension for the TYPO3 CMS based on ExtBase and Fluid. In affected versions the existing access control check for events in the backend module got broken during the update of the extension to TYPO3 12.4, because the `RedirectResponse` from the `$this->redirect()` function was never handled. This issue has been addressed in version 7.4.0. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-derhansenderhansen
Product-event_management_and_registrationsf_event_mgt
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-284
Improper Access Control
CVE-2024-24824
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-34.50% / 98.22%
||
7 Day CHG~0.00%
Published-07 Feb, 2024 | 17:25
Updated-17 Jun, 2025 | 21:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request

Graylog is a free and open log management platform. Starting in version 2.0.0 and prior to versions 5.1.11 and 5.2.4, arbitrary classes can be loaded and instantiated using a HTTP PUT request to the `/api/system/cluster_config/` endpoint. Graylog's cluster config system uses fully qualified class names as config keys. To validate the existence of the requested class before using them, Graylog loads the class using the class loader. If a user with the appropriate permissions performs the request, arbitrary classes with 1-arg String constructors can be instantiated. This will execute arbitrary code that is run during class instantiation. In the specific use case of `java.io.File`, the behavior of the internal web-server stack will lead to information exposure by including the entire file content in the response to the REST request. Versions 5.1.11 and 5.2.4 contain a fix for this issue.

Action-Not Available
Vendor-graylogGraylog2
Product-grayloggraylog2-server
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-25108
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.9||CRITICAL
EPSS-0.68% / 47.80%
||
7 Day CHG~0.00%
Published-12 Feb, 2024 | 20:05
Updated-07 May, 2025 | 21:03
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Insufficient authorization allowing elevated access to resources in pixelfed

Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to access far more functionality than users intended, including to the administrative and moderator functionality of the Pixelfed server. This vulnerability affects every version of Pixelfed between v0.10.4 and v0.11.9, inclusive. A proof of concept of this vulnerability exists. This vulnerability affects every local user of a Pixelfed server, and can potentially affect the servers' ability to federate. Some user interaction is required to setup the conditions to be able to exercise the vulnerability, but the attacker could conduct this attack time-delayed manner, where user interaction is not actively required. This vulnerability has been addressed in version 0.11.11. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-pixelfedpixelfed
Product-pixelfedpixelfed
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-23669
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-6.4||MEDIUM
EPSS-0.54% / 41.56%
||
7 Day CHG~0.00%
Published-05 Jun, 2024 | 07:45
Updated-01 Aug, 2024 | 23:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An improper authorization in Fortinet FortiWebManager version 7.2.0 and 7.0.0 through 7.0.4 and 6.3.0 and 6.2.3 through 6.2.4 and 6.0.2 allows attacker to execute unauthorized code or commands via HTTP requests or CLI.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortiwebmanagerFortiWebManagerfortiweb_manager
CWE ID-CWE-20
Improper Input Validation
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-0383
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-1.11% / 61.94%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 19:21
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.

Action-Not Available
Vendor-SAP SE
Product-treasury_and_risk_management_\(s4core\)enterprise_extension_financial_servicesSAP Treasury and Risk Management (EA-FINSERV)SAP Treasury and Risk Management (S4CORE)
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-40670
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
ShareView Details
Matching Score-4
Assigner-Spanish National Cybersecurity Institute, S.A. (INCIBE)
CVSS Score-7.1||HIGH
EPSS-0.29% / 20.28%
||
7 Day CHG+0.01%
Published-09 Jun, 2025 | 12:26
Updated-06 Oct, 2025 | 19:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Authorization vulnerability in TCMAN GIM

Incorrect authorization vulnerability in TCMAN's GIM v11. This vulnerability allows an unprivileged attacker to create a user and assign it many privileges by sending a POST request to /PC/frmGestionUser.aspx/updateUser.

Action-Not Available
Vendor-tcmanTCMAN
Product-gimGIM
CWE ID-CWE-863
Incorrect Authorization
CVE-2019-0384
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-8.8||HIGH
EPSS-0.89% / 54.87%
||
7 Day CHG~0.00%
Published-17 Dec, 2019 | 19:24
Updated-04 Aug, 2024 | 17:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Transaction Management in SAP Treasury and Risk Management (corrected in S4CORE versions 1.01, 1.02, 1.03, 1.04 and EA-FINSERV versions 6.0, 6.03, 6.04, 6.05, 6.06, 6.16, 6.17, 6.18, 8.0) does not perform necessary authorization checks for functionalities that require user identity.

Action-Not Available
Vendor-SAP SE
Product-treasury_and_risk_management_\(s4core\)enterprise_extension_financial_servicesSAP Treasury and Risk Management (EA-FINSERV)SAP Treasury and Risk Management (S4CORE)
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-1677
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-6.3||MEDIUM
EPSS-0.51% / 39.97%
||
7 Day CHG~0.00%
Published-02 May, 2024 | 16:52
Updated-08 Apr, 2026 | 18:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce <= 3.4.6 - Improper Authorization

The Print Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce plugin for WordPress is vulnerable to unauthorized access of data, modification of data, and loss of data due to an improper capability check on 42 separate AJAX functions in all versions up to, and including, 3.4.6. This makes it possible for authenticated attackers, with subscriber access and above, to fully control the plugin which includes the ability to modify plugin settings and profiles, and create, edit, retrieve, and delete templates and barcodes.

Action-Not Available
Vendor-ukrsolutionukrsolution
Product-print_labels_with_barcodesPrint Labels with Barcodes. Create price tags, product labels, order labels for WooCommerce
CWE ID-CWE-862
Missing Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-20420
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-5.4||MEDIUM
EPSS-0.36% / 28.36%
||
7 Day CHG~0.00%
Published-16 Oct, 2024 | 16:15
Updated-31 Oct, 2024 | 14:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco ATA 190 Series Analog Telephone Adapter Firmware Privilege Escalation Vulnerability

A vulnerability in the web-based management interface of Cisco ATA 190 Series Analog Telephone Adapter firmware could allow an authenticated, remote attacker with low privileges to run commands as an Admin user. This vulnerability is due to incorrect authorization verification by the HTTP server. An attacker could exploit this vulnerability by sending a malicious request to the web-based management interface. A successful exploit could allow the attacker to run commands as the Admin user.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ata_192_firmwareata_191_firmwareata_192ata_191Cisco Analog Telephone Adaptor (ATA) Software
CWE ID-CWE-250
Execution with Unnecessary Privileges
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-29827
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-9.9||CRITICAL
EPSS-1.25% / 65.76%
||
7 Day CHG~0.00%
Published-08 May, 2025 | 22:17
Updated-13 Feb, 2026 | 19:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Azure Automation Elevation of Privilege Vulnerability

Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-azure_automationAzure Automation
CWE ID-CWE-285
Improper Authorization
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-21701
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-5||MEDIUM
EPSS-0.77% / 51.02%
||
7 Day CHG~0.00%
Published-19 Jan, 2022 | 21:40
Updated-23 Apr, 2025 | 19:09
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privileged Escalation in Istio

Istio is an open platform to connect, manage, and secure microservices. In versions 1.12.0 and 1.12.1 Istio is vulnerable to a privilege escalation attack. Users who have `CREATE` permission for `gateways.gateway.networking.k8s.io` objects can escalate this privilege to create other resources that they may not have access to, such as `Pod`. This vulnerability impacts only an Alpha level feature, the Kubernetes Gateway API. This is not the same as the Istio Gateway type (gateways.networking.istio.io), which is not vulnerable. Users are advised to upgrade to resolve this issue. Users unable to upgrade should implement any of the following which will prevent this vulnerability: Remove the gateways.gateway.networking.k8s.io CustomResourceDefinition, set PILOT_ENABLE_GATEWAY_API_DEPLOYMENT_CONTROLLER=true environment variable in Istiod, or remove CREATE permissions for gateways.gateway.networking.k8s.io objects from untrusted users.

Action-Not Available
Vendor-istioistio
Product-istioistio
CWE ID-CWE-863
Incorrect Authorization
CVE-2025-26511
Matching Score-4
Assigner-NetApp, Inc.
ShareView Details
Matching Score-4
Assigner-NetApp, Inc.
CVSS Score-8.8||HIGH
EPSS-0.54% / 41.23%
||
7 Day CHG~0.00%
Published-13 Feb, 2025 | 15:44
Updated-15 Apr, 2026 | 00:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cassandra-Lucene-Index allows bypass of Cassandra RBAC

Systems running the Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin versions 4.0-rc1-1.0.0 through 4.0.16-1.0.0 and 4.1.2-1.0.0 through 4.1.8-1.0.0, installed into Apache Cassandra version 4.x, are susceptible to a vulnerability which when successfully exploited could allow authenticated Cassandra users to remotely bypass RBAC and escalate their privileges.

Action-Not Available
Vendor-NetApp, Inc.
Product-Instaclustr fork of Stratio's Cassandra-Lucene-Index plugin
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-4997
Matching Score-4
Assigner-CERT.PL
ShareView Details
Matching Score-4
Assigner-CERT.PL
CVSS Score-8.8||HIGH
EPSS-0.54% / 41.66%
||
7 Day CHG~0.00%
Published-04 Oct, 2023 | 10:54
Updated-03 Mar, 2025 | 17:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper authorisation in Uptime DC

Improper authorisation of regular users in ProIntegra Uptime DC software (versions below 2.0.0.33940) allows them to change passwords of all other users including administrators leading to a privilege escalation.

Action-Not Available
Vendor-prointegraProIntegra S.A.
Product-uptimedcUptimeDC
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-48712
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.68% / 47.72%
||
7 Day CHG~0.00%
Published-24 Nov, 2023 | 17:02
Updated-02 Aug, 2024 | 21:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
User authorization bug leading to privilege escalation in warpgate

Warpgate is an open source SSH, HTTPS and MySQL bastion host for Linux. In affected versions there is a privilege escalation vulnerability through a non-admin user's account. Limited users can impersonate another user's account if only single-factor authentication is configured. If a user knows an admin username, opens the login screen and attempts to authenticate with an incorrect password they can subsequently enter a valid non-admin username and password they will be logged in as the admin user. All installations prior to version 0.9.0 are affected. All users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-warpgate_projectwarp-tech
Product-warpgatewarpgate
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-4639
Matching Score-4
Assigner-TWCERT/CC
ShareView Details
Matching Score-4
Assigner-TWCERT/CC
CVSS Score-8.7||HIGH
EPSS-0.30% / 21.65%
||
7 Day CHG~0.00%
Published-24 Mar, 2026 | 04:17
Updated-15 Apr, 2026 | 16:29
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Galaxy Software Services|Vitals ESP - Incorrect Authorization

Vitals ESP developed by Galaxy Software Services has a Incorrect Authorization vulnerability, allowing authenticated remote attackers to perform certain administrative functions, thereby escalating privileges.

Action-Not Available
Vendor-gssGalaxy Software Services
Product-vitalsespVitals ESP
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-47101
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.74% / 50.06%
||
7 Day CHG+0.11%
Published-21 May, 2026 | 20:33
Updated-01 Jul, 2026 | 13:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

LiteLLM prior to 1.83.14 allows an authenticated internal_user to create API keys with access to routes that their role does not permit. When generating a key, the allowed_routes field is stored without verifying that the specified routes fall within the user's own permissions. A key created with access to admin-only routes can then be used to reach those routes successfully, bypassing the role-based access controls that would otherwise block the request, enabling full privilege escalation from internal_user to proxy_admin.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmRed Hat OpenShift AI (RHOAI)Exploit IntelligenceRed Hat Ansible Automation Platform 2
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-47102
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.65% / 46.77%
||
7 Day CHG+0.14%
Published-21 May, 2026 | 20:34
Updated-02 Jul, 2026 | 12:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
LiteLLM < 1.83.10 Privilege Escalation via User Update

LiteLLM prior to 1.83.10 allows a user to modify their own user_role via the /user/update endpoint. While the endpoint correctly restricts users to updating only their own account, it does not restrict which fields may be changed. A user who can reach this endpoint can set their role to proxy_admin, gaining full administrative access to LiteLLM including all users, teams, keys, models, and prompt history. Users with the org_admin role have legitimate access to this endpoint and can exploit this vulnerability without chaining any additional flaw.

Action-Not Available
Vendor-litellmBerriAIRed Hat, Inc.
Product-litellmlitellmRed Hat OpenShift AI (RHOAI)Exploit IntelligenceRed Hat Ansible Automation Platform 2
CWE ID-CWE-863
Incorrect Authorization
CWE ID-CWE-915
Improperly Controlled Modification of Dynamically-Determined Object Attributes
CVE-2023-47716
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-6.3||MEDIUM
EPSS-0.40% / 32.04%
||
7 Day CHG~0.00%
Published-01 Mar, 2024 | 02:22
Updated-15 Aug, 2025 | 20:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM FileNet Content Manager privilege escalation

IBM CP4BA - Filenet Content Manager Component 5.5.8.0, 5.5.10.0, and 5.5.11.0 could allow a user to gain the privileges of another user under unusual circumstances. IBM X-Force ID: 271656.

Action-Not Available
Vendor-IBM Corporation
Product-filenet_content_managercp4ba_-_filenet_content_managerFilenet Content Manager
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-46244
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-9.1||CRITICAL
EPSS-0.79% / 51.78%
||
7 Day CHG~0.00%
Published-07 Nov, 2023 | 19:04
Updated-12 Sep, 2024 | 19:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Privilege escalation in Xwiki platform

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In affected versions it's possible for a user to write a script in which any velocity content is executed with the right of any other document content author. Since this API require programming right and the user does not have it, the expected result is `$doc.document.authors.contentAuthor` (not executed script), unfortunately with the security vulnerability it is possible for the attacker to get `XWiki.superadmin` which shows that the title was executed with the right of the unmodified document. This has been patched in XWiki versions 14.10.7 and 15.2RC1. Users are advised to upgrade. There are no known workarounds for this vulnerability.

Action-Not Available
Vendor-XWiki SAS
Product-xwikixwiki-platform
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-45185
Matching Score-4
Assigner-IBM Corporation
ShareView Details
Matching Score-4
Assigner-IBM Corporation
CVSS Score-7.4||HIGH
EPSS-0.99% / 58.24%
||
7 Day CHG~0.00%
Published-14 Dec, 2023 | 14:04
Updated-02 Aug, 2024 | 20:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
IBM i Access Client Solutions code execution

IBM i Access Client Solutions 1.1.2 through 1.1.4 and 1.1.4.3 through 1.1.9.3 could allow an attacker to execute remote code. Due to improper authority checks the attacker could perform operations on the PC under the user's authority. IBM X-Force ID: 268273.

Action-Not Available
Vendor-IBM Corporation
Product-i_access_client_solutionsi Access Client Solutions
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-46519
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.38% / 29.54%
||
7 Day CHG~0.00%
Published-11 Jun, 2026 | 18:34
Updated-11 Jun, 2026 | 21:01
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement

mcp-server-kubernetes is a Model Context Protocol server for Kubernetes cluster management. Prior to version 3.6.0, mcp-server-kubernetes exposes three environment variables (ALLOW_ONLY_READONLY_TOOLS, ALLOW_ONLY_NON_DESTRUCTIVE_TOOLS, ALLOWED_TOOLS) documented as access controls for restricting which Kubernetes operations are available. These controls are enforced at the tool discovery layer (tools/list) but not at the execution layer (tools/call). Any client that knows a tool name can invoke it directly regardless of the configured restriction mode. The access control was effectively cosmetic. This issue has been patched in version 3.6.0.

Action-Not Available
Vendor-Flux159
Product-mcp-server-kubernetes
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-43961
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.80% / 52.00%
||
7 Day CHG~0.00%
Published-25 Oct, 2023 | 00:00
Updated-11 Sep, 2024 | 20:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Dromara SaToken version 1.3.50RC and before when using Spring dynamic controllers, a specially crafted request may cause an authentication bypass.

Action-Not Available
Vendor-dromaran/adromara
Product-sa-tokenn/asa-token
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-45672
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.41% / 32.51%
||
7 Day CHG~0.00%
Published-15 May, 2026 | 20:55
Updated-19 May, 2026 | 16:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed

Open WebUI is a self-hosted artificial intelligence platform designed to operate entirely offline. Prior to 0.8.12, the /api/v1/utils/code/execute endpoint executes arbitrary Python code via Jupyter for any verified user, even when the admin has set ENABLE_CODE_EXECUTION=false. The feature gate is not enforced on the API endpoint — the configuration says "disabled" but code still executes. This vulnerability is fixed in 0.8.12.

Action-Not Available
Vendor-openwebuiopen-webui
Product-open_webuiopen-webui
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-44832
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.7||HIGH
EPSS-0.31% / 23.25%
||
7 Day CHG~0.00%
Published-26 May, 2026 | 19:29
Updated-02 Jul, 2026 | 15:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Snipe-IT: Privilege Escalation via API Permissions Assignment

Snipe-IT is an IT asset/license management system. Prior to 8.4.1, aAn authenticated user with only users.edit permission can escalate their own privileges to admin by sending a PATCH request to /api/v1/users/{id} with permissions[admin]=1. The API controller only strips the superuser key from the permissions array, allowing admin and all other permission keys to be set by any user who can update users. This vulnerability is fixed in 8.4.1.

Action-Not Available
Vendor-snipeitappgrokability
Product-snipe-itsnipe-it
CWE ID-CWE-281
Improper Preservation of Permissions
CWE ID-CWE-863
Incorrect Authorization
CVE-2022-0981
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-8.8||HIGH
EPSS-1.15% / 63.00%
||
7 Day CHG~0.00%
Published-23 Mar, 2022 | 19:46
Updated-02 Aug, 2024 | 23:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A flaw was found in Quarkus. The state and potentially associated permissions can leak from one web request to another in RestEasy Reactive. This flaw allows a low-privileged user to perform operations on the database with a different set of privileges than intended.

Action-Not Available
Vendor-quarkusn/a
Product-quarkusquarkus
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-45831
Matching Score-4
Assigner-HiddenLayer, Inc.
ShareView Details
Matching Score-4
Assigner-HiddenLayer, Inc.
CVSS Score-8.8||HIGH
EPSS-0.24% / 14.60%
||
7 Day CHG~0.00%
Published-12 Jun, 2026 | 15:03
Updated-16 Jun, 2026 | 15:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a user holds a given permission but never checks which tenant, database, or collection that permission applies to allowing users to perform cross tenant actions.

Action-Not Available
Vendor-trychromaChroma
Product-chromadbChromaDB
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-43530
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.36% / 27.62%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:25
Updated-07 May, 2026 | 15:57
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution

OpenClaw versions 2026.2.23 before 2026.4.12 contain a weakened exec approval binding vulnerability in busybox and toybox applet execution that allows attackers to obscure which applet would actually run. Attackers can exploit opaque multi-call binaries to bypass exec approval mechanisms and weaken risk classification of unsafe applet invocations.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-44110
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-0.29% / 20.63%
||
7 Day CHG~0.00%
Published-06 May, 2026 | 19:49
Updated-07 May, 2026 | 13:58
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

OpenClaw before 2026.4.15 contains an authorization bypass vulnerability in Matrix room control-command authorization that trusts DM pairing-store entries. Attackers with DM-paired sender IDs can execute room control commands without being in configured allowlists by posting in bot rooms, potentially enabling privileged OpenClaw behavior.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2018-25353
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.45% / 36.17%
||
7 Day CHG~0.00%
Published-23 May, 2026 | 18:30
Updated-26 May, 2026 | 17:55
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload

Redaxo CMS Mediapool Addon 5.5.1 and older contains an arbitrary file upload vulnerability that allows authenticated users to bypass file extension blacklist restrictions. Attackers with editor accounts can upload executable files by using obfuscated extensions like php71 or php53 to evade the blacklist filter and execute arbitrary code.

Action-Not Available
Vendor-Redaxo
Product-Redaxo CMS Mediapool
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-4019
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-8.8||HIGH
EPSS-0.65% / 46.80%
||
7 Day CHG~0.00%
Published-04 Sep, 2023 | 11:27
Updated-23 Apr, 2025 | 16:17
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Media from FTP < 11.17 - Author+ Arbitrary File Access

The Media from FTP WordPress plugin before 11.17 does not properly limit who can use the plugin, which may allow users with author+ privileges to move files around, like wp-config.php, which may lead to RCE in some cases.

Action-Not Available
Vendor-riverforest-wpUnknown
Product-media_from_ftpMedia from FTP
CWE ID-CWE-863
Incorrect Authorization
CVE-2024-8970
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-8.2||HIGH
EPSS-0.59% / 44.06%
||
7 Day CHG~0.00%
Published-11 Oct, 2024 | 12:30
Updated-13 Dec, 2024 | 01:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Authorization in GitLab

An issue was discovered in GitLab CE/EE affecting all versions starting from 11.6 prior to 17.2.9, starting from 17.3 prior to 17.3.5, and starting from 17.4 prior to 17.4.2, which allows an attacker to trigger a pipeline as another user under certain circumstances.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42422
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-7.7||HIGH
EPSS-0.28% / 20.02%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 18:10
Updated-30 Apr, 2026 | 14:04
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function

OpenClaw before 2026.4.8 contains a role bypass vulnerability in the device.token.rotate function that allows minting tokens for unapproved roles. Attackers can bypass device role-upgrade pairing to preserve or mint roles and scopes that had not undergone intended approval.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42426
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.28% / 20.02%
||
7 Day CHG~0.00%
Published-28 Apr, 2026 | 18:10
Updated-30 Apr, 2026 | 14:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope

OpenClaw before 2026.4.8 contains an improper authorization vulnerability where the node.pair.approve method accepts operator.write scope instead of the narrower operator.pairing scope, allowing unprivileged users to approve node pairing. Attackers with operator.write permissions can bypass pairing approval restrictions to gain unauthorized access to exec-capable nodes.

Action-Not Available
Vendor-OpenClaw
Product-openclawOpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-38488
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-7.1||HIGH
EPSS-0.80% / 52.08%
||
7 Day CHG~0.00%
Published-27 Jul, 2023 | 14:31
Updated-17 Oct, 2024 | 13:05
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Kirby vulnerable to field injection in the KirbyData text storage handler

Kirby is a content management system. A vulnerability in versions prior to 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6 affects all Kirby sites that might have potential attackers in the group of authenticated Panel users or that allow external visitors to update a Kirby content file (e.g. via a contact or comment form). Kirby sites are *not* affected if they don't allow write access for untrusted users or visitors. A field injection in a content storage implementation is a type of vulnerability that allows attackers with content write access to overwrite content fields that the site developer didn't intend to be modified. In a Kirby site this can be used to alter site content, break site behavior or inject malicious data or code. The exact security risk depends on the field type and usage. Kirby stores content of the site, of pages, files and users in text files by default. The text files use Kirby's KirbyData format where each field is separated by newlines and a line with four dashes (`----`). When reading a KirbyData file, the affected code first removed the Unicode BOM sequence from the file contents and afterwards split the content into fields by the field separator. When writing to a KirbyData file, field separators in field data are escaped to prevent user input from interfering with the field structure. However this escaping could be tricked by including a Unicode BOM sequence in a field separator (e.g. `--\xEF\xBB\xBF--`). When writing, this was not detected as a separator, but because the BOM was removed during reading, it could be abused by attackers to inject other field data into content files. Because each field can only be defined once per content file, this vulnerability only affects fields in the content file that were defined above the vulnerable user-writable field or not at all. Fields that are defined below the vulnerable field override the injected field content and were therefore already protected. The problem has been patched in Kirby 3.5.8.3, 3.6.6.3, 3.7.5.2, 3.8.4.1, and 3.9.6. In all of the mentioned releases, the maintainers have fixed the affected code to only remove the Unicode BOM sequence at the beginning of the file. This fixes this vulnerability both for newly written as well as for existing content files.

Action-Not Available
Vendor-getkirbygetkirby
Product-kirbykirby
CWE ID-CWE-140
Improper Neutralization of Delimiters
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-38218
Matching Score-4
Assigner-Adobe Systems Incorporated
ShareView Details
Matching Score-4
Assigner-Adobe Systems Incorporated
CVSS Score-8.8||HIGH
EPSS-0.65% / 46.70%
||
7 Day CHG~0.00%
Published-13 Oct, 2023 | 06:15
Updated-02 Aug, 2024 | 17:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Incorrect Authorization - Customer account takeover

Adobe Commerce versions 2.4.7-beta1 (and earlier), 2.4.6-p2 (and earlier), 2.4.5-p4 (and earlier) and 2.4.4-p5 (and earlier) are affected by an Incorrect Authorization . An authenticated attacker can exploit this to achieve information exposure and privilege escalation.

Action-Not Available
Vendor-Adobe Inc.
Product-magentocommerceAdobe Commerce
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42434
Matching Score-4
Assigner-VulnCheck
ShareView Details
Matching Score-4
Assigner-VulnCheck
CVSS Score-8.7||HIGH
EPSS-0.35% / 26.72%
||
7 Day CHG~0.00%
Published-05 May, 2026 | 11:24
Updated-05 May, 2026 | 19:47
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing

OpenClaw versions 2026.4.5 before 2026.4.10 contain a sandbox escape vulnerability allowing sandboxed agents to override exec routing by specifying host=node. Attackers can bypass sandbox boundaries and route execution to remote nodes instead of intended sandbox paths.

Action-Not Available
Vendor-OpenClaw
Product-OpenClaw
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-36556
Matching Score-4
Assigner-Fortinet, Inc.
ShareView Details
Matching Score-4
Assigner-Fortinet, Inc.
CVSS Score-8.6||HIGH
EPSS-0.84% / 53.33%
||
7 Day CHG~0.00%
Published-10 Oct, 2023 | 16:49
Updated-16 Dec, 2025 | 18:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An incorrect authorization vulnerability [CWE-863] in FortiMail webmail version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.5 and below 6.4.7 allows an authenticated attacker to login on other users accounts from the same web domain via crafted HTTP or HTTPs requests.

Action-Not Available
Vendor-Fortinet, Inc.
Product-fortimailFortiMail
CWE ID-CWE-863
Incorrect Authorization
CVE-2023-36646
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-8.8||HIGH
EPSS-0.85% / 53.58%
||
7 Day CHG~0.00%
Published-11 Dec, 2023 | 00:00
Updated-02 Aug, 2024 | 16:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Incorrect user role checking in multiple REST API endpoints in ProLion CryptoSpike 3.0.15P2 allows a remote attacker with low privileges to execute privileged functions and achieve privilege escalation via REST API endpoint invocation.

Action-Not Available
Vendor-prolionn/a
Product-cryptospiken/a
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42843
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-8.8||HIGH
EPSS-0.35% / 26.99%
||
7 Day CHG~0.00%
Published-11 May, 2026 | 15:54
Updated-27 May, 2026 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
grav-plugin-api: Grav API Privilege Escalation to Super Admin

Grav API Plugin is a RESTful API for Grav CMS that provides full headless access to your site's content, media, configuration, users, and system management. Prior to 1.0.0-beta.15, an insecure direct object reference and logic flaw in the Grav API plugin (UsersController::update) allows any authenticated user with basic API access (api.access) to modify their own permission configuration. An attacker can exploit this to escalate their privileges to Super Administrator (admin.super and api.super), leading to full system compromise and potential RCE. This vulnerability is fixed in 1.0.0-beta.15.

Action-Not Available
Vendor-getgravgetgrav
Product-grav-plugin-apigrav-plugin-api
CWE ID-CWE-863
Incorrect Authorization
CVE-2026-42999
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6||MEDIUM
EPSS-0.33% / 24.83%
||
7 Day CHG+0.08%
Published-28 May, 2026 | 00:00
Updated-30 Jun, 2026 | 12:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone RBAC policy enforcer in enforce_call unconditionally merges the raw JSON request body into the policy enforcement dictionary via policy_dict.update(json_input.copy()), overwriting trusted target data that was previously set from database lookups. Because flask.request.get_json is called with force=True, this works regardless of Content-Type or HTTP method. Any authenticated user can inject arbitrary policy target attributes (e.g., user_id, project_id) into the request body to bypass RBAC checks and perform unauthorized operations on resources belonging to other users or projects. This was introduced in commit 5ea59f52 (Rocky/14.0.0).

Action-Not Available
Vendor-Red Hat, Inc.OpenStack
Product-keystoneKeystoneRed Hat OpenStack Platform 17.1Red Hat OpenStack Platform 13 (Queens)Red Hat OpenStack Platform 18.0Red Hat OpenStack Platform 16.2
CWE ID-CWE-639
Authorization Bypass Through User-Controlled Key
CWE ID-CWE-863
Incorrect Authorization
  • Previous
  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • Next
Details not found