Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-06-13 CVE-2022-32560 Missing Authorization vulnerability in Couchbase Server
An issue was discovered in Couchbase Server before 7.0.4.
network
low complexity
couchbase CWE-862
7.5
2022-06-13 CVE-2022-31752 Missing Authorization vulnerability in Huawei Emui and Magic UI
Missing authorization vulnerability in the system components.
local
low complexity
huawei CWE-862
2.1
2022-06-13 CVE-2021-25116 Missing Authorization vulnerability in Enqueue Anything Project Enqueue Anything 1.0.1
The Enqueue Anything WordPress plugin through 1.0.1 does not have authorisation and CSRF checks in the remove_asset AJAX action, and does not ensure that the item to be deleted is actually an asset.
network
low complexity
enqueue-anything-project CWE-862
6.5
2022-06-13 CVE-2022-0745 Missing Authorization vulnerability in Likebtn Like Button Rating
The Like Button Rating WordPress plugin before 2.6.45 allows any logged-in user, such as subscriber, to send arbitrary e-mails to any recipient, with any subject and body
network
low complexity
likebtn CWE-862
4.0
2022-06-13 CVE-2022-0885 Missing Authorization vulnerability in Memberhero Member Hero 1.0.9
The Member Hero WordPress plugin through 1.0.9 lacks authorization checks, and does not validate the a request parameter in an AJAX action, allowing unauthenticated users to call arbitrary PHP functions with no arguments.
network
low complexity
memberhero CWE-862
critical
9.8
2022-06-13 CVE-2022-1777 Missing Authorization vulnerability in Filr Project Filr
The Filr WordPress plugin before 1.2.2.1 does not have authorisation check in two of its AJAX actions, allowing them to be called by any authenticated users, such as subscriber.
network
low complexity
filr-project CWE-862
6.5
2022-06-09 CVE-2022-24896 Missing Authorization vulnerability in Enalean Tuleap
Tuleap is a Free & Open Source Suite to manage software developments and collaboration.
network
low complexity
enalean CWE-862
4.0
2022-06-08 CVE-2022-1570 Missing Authorization vulnerability in Files Download Delay Project Files Download Delay
The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action.
network
low complexity
files-download-delay-project CWE-862
6.5
2022-06-07 CVE-2022-30746 Missing Authorization vulnerability in Samsung Smartthings 1.7.73.22
Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API.
network
low complexity
samsung CWE-862
7.5
2022-06-06 CVE-2022-21748 Missing Authorization vulnerability in Google Android 11.0/12.0
In telephony, there is a possible information disclosure due to a missing permission check.
local
low complexity
google CWE-862
5.5