Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-09-10 | CVE-2024-44112 | Missing Authorization vulnerability in SAP OIL %/ GAS Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. | 4.3 |
2024-09-09 | CVE-2024-8042 | Missing Authorization vulnerability in Rapid7 Insight Platform Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. | 3.1 |
2024-09-06 | CVE-2023-39298 | Missing Authorization vulnerability in Qnap QTS and Quts Hero A missing authorization vulnerability has been reported to affect several QNAP operating system versions. | 7.8 |
2024-09-06 | CVE-2024-44408 | Missing Authorization vulnerability in Dlink Dir-823G Firmware 1.0.2B0520181207 D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. | 7.5 |
2024-09-06 | CVE-2024-7622 | Missing Authorization vulnerability in Jetplugs Revision Manager TMC The Revision Manager TMC plugin for WordPress is vulnerable to unauthorized arbitrary email sending due to a missing capability check on the _a_ajaxQuickEmailTestCallback() function in all versions up to, and including, 2.8.19. | 4.3 |
2024-09-06 | CVE-2024-8427 | Missing Authorization vulnerability in Wpshuffle Frontend Post Submission Manager The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the save_global_settings and process_form_edit functions in all versions up to, and including, 1.2.2. | 4.3 |
2024-09-06 | CVE-2024-8480 | Missing Authorization vulnerability in Sirv The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'sirv_save_prevented_sizes' function in all versions up to, and including, 7.2.7. | 8.8 |
2024-09-05 | CVE-2024-7380 | Missing Authorization vulnerability in Infinitumform GEO Controller The Geo Controller plugin for WordPress is vulnerable to unauthorized menu creation/deletion due to missing capability checks on the ajax__geolocate_menu and ajax__geolocate_remove_menu functions in all versions up to, and including, 8.6.9. | 4.3 |
2024-09-05 | CVE-2024-7381 | Missing Authorization vulnerability in Infinitumform GEO Controller The Geo Controller plugin for WordPress is vulnerable to unauthorized shortcode execution due to missing authorization and capability checks on the ajax__shortcode_cache function in all versions up to, and including, 8.6.9. | 5.3 |
2024-09-05 | CVE-2024-7605 | Missing Authorization vulnerability in Helloasso The HelloAsso plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'ha_ajax' function in all versions up to, and including, 1.1.10. | 4.3 |