Improper Authorization in GitHub repository phpipam/phpipam prior to 1.4.6.

Improper Authorization in GitHub repository janeczku/calibre-web prior to 0.6.16.

Improper Authorization in GitHub repository cobbler/cobbler prior to 3.3.2.

Improper Authorization in GitHub repository orchardcms/orchardcore prior to 1.3.0.

Improper Authorization in GitHub repository webmin/webmin prior to 1.990.

Improper Authorization in Packagist librenms/librenms prior to 22.2.0.

Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via PreconditionActivity.

When a password reset or password change flow with an authentication policy is configured and the adapter in the reset or change policy supports multiple parallel reset flows, an existing user can reset another existing users password.

MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perform proper authorization and authentication checks on multiple API routes. An attacker may gain access to these API routes and achieve remote code execution, create a denial-of-service condition, and obtain sensitive information.

Local privilege escalation via named pipe due to improper access control checks. The following products are affected: Acronis Cyber Protect 15 (Windows) before build 28035, Acronis Agent (Windows) before build 27147, Acronis Cyber Protect Home Office (Windows) before build 39612, Acronis True Image 2021 (Windows) before build 39287