Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-10-31 CVE-2022-3096 Missing Authorization vulnerability in WP Total Hacks Project WP Total Hacks
The WP Total Hacks WordPress plugin through 4.7.2 does not prevent low privilege users from modifying the plugin's settings.
network
low complexity
wp-total-hacks-project CWE-862
5.4
2022-10-28 CVE-2022-3400 Missing Authorization vulnerability in Bricksbuilder Bricks
The Bricks theme for WordPress is vulnerable to authorization bypass due to a missing capability check on the bricks_save_post AJAX action in versions 1.0 to 1.5.3.
network
low complexity
bricksbuilder CWE-862
6.5
2022-10-28 CVE-2022-3320 Missing Authorization vulnerability in Cloudflare Warp
It was possible to bypass policies configured for Zero Trust Secure Web Gateway by using the warp-cli 'set-custom-endpoint' subcommand.
network
low complexity
cloudflare CWE-862
critical
9.8
2022-10-28 CVE-2022-3321 Missing Authorization vulnerability in Cloudflare Warp Mobile Client
It was possible to bypass the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) on the WARP iOS mobile client by enabling both "Disable for cellular networks" and "Disable for Wi-Fi networks" switches at once in the application settings.
network
low complexity
cloudflare CWE-862
8.2
2022-10-28 CVE-2022-3337 Missing Authorization vulnerability in Cloudflare Warp Mobile Client
It was possible for a user to delete a VPN profile from the WARP mobile client on the iOS platform despite the Lock WARP switch feature (https://developers.cloudflare.com/cloudflare-one/connections/connect-devices/warp/warp-settings/#lock-warp-switch) being enabled on the Zero Trust Platform.
network
low complexity
cloudflare CWE-862
8.5
2022-10-27 CVE-2022-24669 Missing Authorization vulnerability in Forgerock Access Management
It may be possible to gain some details of the deployment through a well-crafted attack.
network
low complexity
forgerock CWE-862
6.5
2022-10-27 CVE-2022-39329 Missing Authorization vulnerability in Nextcloud Enterprise Server and Nextcloud Server
Nextcloud Server is the file server software for Nextcloud, a self-hosted productivity platform.
network
low complexity
nextcloud CWE-862
5.3
2022-10-25 CVE-2022-39340 Missing Authorization vulnerability in Openfga
OpenFGA is an authorization/permission engine.
network
low complexity
openfga CWE-862
5.3
2022-10-24 CVE-2022-41797 Missing Authorization vulnerability in Lemon8 Project Lemon8
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App.
network
low complexity
lemon8-project CWE-862
6.5
2022-10-21 CVE-2022-1066 Missing Authorization vulnerability in Aethon TUG Home Base Server
Aethon TUG Home Base Server versions prior to version 24 allow an unauthenticated attacker to freely access hashed user credentials.
network
low complexity
aethon CWE-862
8.2