Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-01-12 CVE-2022-23112 Missing Authorization vulnerability in Jenkins Publish Over SSH
A missing permission check in Jenkins Publish Over SSH Plugin 1.22 and earlier allows attackers with Overall/Read access to connect to an attacker-specified SSH server using attacker-specified credentials.
network
low complexity
jenkins CWE-862
4.0
2022-01-10 CVE-2021-25032 Missing Authorization vulnerability in Publishpress Capabilities
The PublishPress Capabilities WordPress plugin before 2.3.1, PublishPress Capabilities Pro WordPress plugin before 2.3.1 does not have authorisation and CSRF checks when updating the plugin's settings via the init hook, and does not ensure that the options to be updated belong to the plugin.
network
low complexity
publishpress CWE-862
7.5
2022-01-05 CVE-2022-22107 Missing Authorization vulnerability in Daybydaycrm Daybyday CRM
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization.
network
low complexity
daybydaycrm CWE-862
4.0
2022-01-05 CVE-2022-22108 Missing Authorization vulnerability in Daybydaycrm Daybyday CRM
In Daybyday CRM, versions 2.0.0 through 2.2.0 are vulnerable to Missing Authorization.
network
low complexity
daybydaycrm CWE-862
4.0
2022-01-05 CVE-2022-22111 Missing Authorization vulnerability in Daybydaycrm Daybyday CRM 2.2.0
In DayByDay CRM, version 2.2.0 is vulnerable to missing authorization.
network
low complexity
daybydaycrm CWE-862
6.5
2022-01-03 CVE-2021-24831 Missing Authorization vulnerability in Rich-Web TAB
All AJAX actions of the Tab WordPress plugin before 1.3.2 are available to both unauthenticated and authenticated users, allowing unauthenticated attackers to modify various data in the plugin, such as add/edit/delete arbitrary tabs.
network
low complexity
rich-web CWE-862
5.0
2022-01-01 CVE-2021-43333 Missing Authorization vulnerability in Datalogic DXU
The Datalogic DXU service on (for example) DL-Axist devices does not require authentication for configuration changes or disclosure of configuration settings.
network
datalogic CWE-862
5.8
2021-12-28 CVE-2021-20873 Missing Authorization vulnerability in Yappli
Yappli is an application development platform which provides the function to access a requested URL using Custom URL Scheme.
network
yappli CWE-862
5.8
2021-12-27 CVE-2020-20944 Missing Authorization vulnerability in Qibosoft 7.0
An issue in /admin/index.php?lfj=mysql&action=del of Qibosoft v7 allows attackers to arbitrarily delete files.
network
low complexity
qibosoft CWE-862
6.4
2021-12-27 CVE-2021-24997 Missing Authorization vulnerability in Wp-Guppy WP Guppy
The WP Guppy WordPress plugin before 1.3 does not have any authorisation in some of the REST API endpoints, allowing any user to call them and could lead to sensitive information disclosure, such as usernames and chats between users, as well as be able to send messages as an arbitrary user
network
low complexity
wp-guppy CWE-862
6.4