Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-01-12 | CVE-2022-23112 | Missing Authorization vulnerability in Jenkins Publish Over SSH A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials. | 4.0 |
| 2022-01-10 | CVE-2021-25032 | Missing Authorization vulnerability in Publishpress Capabilities The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin. | 7.5 |
| 2022-01-05 | CVE-2022-22107 | Missing Authorization vulnerability in Daybydaycrm Daybyday CRM In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. | 4.0 |
| 2022-01-05 | CVE-2022-22108 | Missing Authorization vulnerability in Daybydaycrm Daybyday CRM In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization. | 4.0 |
| 2022-01-05 | CVE-2022-22111 | Missing Authorization vulnerability in Daybydaycrm Daybyday CRM 2.2.0 In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization. | 6.5 |
| 2022-01-03 | CVE-2021-24831 | Missing Authorization vulnerability in Rich-Web TAB All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs. | 5.0 |
| 2022-01-01 | CVE-2021-43333 | Missing Authorization vulnerability in Datalogic DXU The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings. | 5.8 |
| 2021-12-28 | CVE-2021-20873 | Missing Authorization vulnerability in Yappli Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme. | 5.8 |
| 2021-12-27 | CVE-2020-20944 | Missing Authorization vulnerability in Qibosoft 7.0 An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files. | 6.4 |
| 2021-12-27 | CVE-2021-24997 | Missing Authorization vulnerability in Wp-Guppy WP Guppy The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user | 6.4 |