Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-09-10 CVE-2024-44112 Missing Authorization vulnerability in SAP OIL %/ GAS
Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table.
network
low complexity
sap CWE-862
4.3
2024-09-09 CVE-2024-8042 Missing Authorization vulnerability in Rapid7 Insight Platform
Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group.
high complexity
rapid7 CWE-862
3.1
2024-09-06 CVE-2023-39298 Missing Authorization vulnerability in Qnap QTS and Quts Hero
A missing authorization vulnerability has been reported to affect several QNAP operating system versions.
local
low complexity
qnap CWE-862
7.8
2024-09-06 CVE-2024-44408 Missing Authorization vulnerability in Dlink Dir-823G Firmware 1.0.2B0520181207
D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure.
network
low complexity
dlink CWE-862
7.5
2024-09-06 CVE-2024-7622 Missing Authorization vulnerability in Jetplugs Revision Manager TMC
The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19.
network
low complexity
jetplugs CWE-862
4.3
2024-09-06 CVE-2024-8427 Missing Authorization vulnerability in Wpshuffle Frontend Post Submission Manager
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2.
network
low complexity
wpshuffle CWE-862
4.3
2024-09-06 CVE-2024-8480 Missing Authorization vulnerability in Sirv
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7.
network
low complexity
sirv CWE-862
8.8
2024-09-05 CVE-2024-7380 Missing Authorization vulnerability in Infinitumform GEO Controller
The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9.
network
low complexity
infinitumform CWE-862
4.3
2024-09-05 CVE-2024-7381 Missing Authorization vulnerability in Infinitumform GEO Controller
The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9.
network
low complexity
infinitumform CWE-862
5.3
2024-09-05 CVE-2024-7605 Missing Authorization vulnerability in Helloasso
The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10.
network
low complexity
helloasso CWE-862
4.3