Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-09-29 CVE-2020-15338 Missing Authorization vulnerability in Zyxel Cloudcnm Secumanager 3.1.0/3.1.1
Zyxel CloudCNM SecuManager 3.1.0 and 3.1.1 has a "Use of GET Request Method With Sensitive Query Strings" issue for /cnr requests.
network
low complexity
zyxel CWE-862
5.3
2022-09-26 CVE-2021-28052 Missing Authorization vulnerability in Hitachi Vantara
A tenant administrator of Hitachi Content Platform (HCP) may modify the configuration in another tenant without authorization, potentially allowing unauthorized access to data in the other tenant.
network
low complexity
hitach CWE-862
4.9
2022-09-26 CVE-2021-24890 Missing Authorization vulnerability in Dplugins Scripts Organizer
The Scripts Organizer WordPress plugin before 3.0 does not have capability and CSRF checks in the saveScript AJAX action, which is available to both unauthenticated and authenticated users, and does not validate user input in any way, which could allow unauthenticated users to put arbitrary PHP code in a file.
network
low complexity
dplugins CWE-862
8.8
2022-09-26 CVE-2022-2405 Missing Authorization vulnerability in Themehunk WP Popup Builder
The WP Popup Builder WordPress plugin before 1.2.9 does not have authorisation and CSRF checks in an AJAX action, allowing any authenticated user, such as a subscriber, to delete arbitrary popups.
network
low complexity
themehunk CWE-862
4.3
2022-09-26 CVE-2022-2987 Missing Authorization vulnerability in Ldap WP Login / Active Directory Integration Project Ldap WP Login / Active Directory Integration
The Ldap WP Login / Active Directory Integration WordPress plugin before 3.0.2 does not have any authorisation and CSRF checks when updating its settings (which are hooked to the init action), allowing unauthenticated attackers to update them.
7.5
2022-09-23 CVE-2022-32220 Missing Authorization vulnerability in Rocket.Chat
An information disclosure vulnerability exists in Rocket.Chat <v5 because the getUserMentionsByChannel Meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room.
network
low complexity
rocket-chat CWE-862
6.5
2022-09-23 CVE-2022-35249 Missing Authorization vulnerability in Rocket.Chat
An information disclosure vulnerability exists in Rocket.Chat <v5 where the getUserMentionsByChannel Meteor server method discloses messages from private channels and direct messages regardless of the user's access permission to the room.
network
low complexity
rocket-chat CWE-862
4.3
2022-09-23 CVE-2021-41803 Missing Authorization vulnerability in Hashicorp Consul
HashiCorp Consul 1.8.1 up to 1.11.8, 1.12.4, and 1.13.1 do not properly validate the node or segment names prior to interpolation and usage in JWT claim assertions with the auto config RPC.
network
low complexity
hashicorp CWE-862
7.1
2022-09-22 CVE-2021-39190 Missing Authorization vulnerability in Teclib-Edition System Center Configuration Manager
The SCCM plugin for GLPI is a plugin to synchronize computers from SCCM (version 1802) to GLPI.
network
low complexity
teclib-edition CWE-862
5.3
2022-09-22 CVE-2022-38512 Missing Authorization vulnerability in Liferay DXP and Liferay Portal
The Translation module in Liferay Portal v7.4.3.12 through v7.4.3.36, and Liferay DXP 7.4 update 8 through 36, does not check permissions before allowing a user to export web content for translation, allowing attackers to download a web content page's XLIFF translation file via a crafted URL.
network
low complexity
liferay CWE-862
6.5