Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-06-08 | CVE-2022-1570 | Missing Authorization vulnerability in Files Download Delay Project Files Download Delay The Files Download Delay WordPress plugin before 1.0.7 does not have authorisation and CSRF checks when reseting its settings, which could allow any authenticated users, such as subscriber to perform such action. | 6.5 |
2022-06-07 | CVE-2022-30746 | Missing Authorization vulnerability in Samsung Smartthings 1.7.73.22 Missing caller check in Smart Things prior to version 1.7.85.12 allows attacker to access senstive information remotely using javascript interface API. | 7.5 |
2022-06-06 | CVE-2022-21748 | Missing Authorization vulnerability in Google Android 11.0/12.0 In telephony, there is a possible information disclosure due to a missing permission check. | 5.5 |
2022-06-06 | CVE-2022-21749 | Missing Authorization vulnerability in Google Android 11.0/12.0 In telephony, there is a possible information disclosure due to a missing permission check. | 5.5 |
2022-05-30 | CVE-2022-1203 | Missing Authorization vulnerability in Content Mask Project Content Mask The Content Mask WordPress plugin before 1.8.4.1 does not have authorisation and CSRF checks in various AJAX actions, as well as does not validate the option to be updated to ensure it belongs to the plugin. | 4.3 |
2022-05-24 | CVE-2020-4926 | Missing Authorization vulnerability in IBM Elastic Storage System and Spectrum Scale A vulnerability in the Spectrum Scale 5.1 core component and IBM Elastic Storage System 6.1 could allow unauthorized access to user data or injection of arbitrary data in the communication protocol. | 6.4 |
2022-05-20 | CVE-2022-28993 | Missing Authorization vulnerability in Bdtask Multi Store Inventory Management System 1.0 Multi Store Inventory Management System v1.0 allows attackers to perform an account takeover via a crafted POST request. | 9.8 |
2022-05-19 | CVE-2022-1423 | Missing Authorization vulnerability in Gitlab Improper access control in the CI/CD cache mechanism in GitLab CE/EE affecting all versions starting from 1.0.2 before 14.8.6, all versions from 14.9.0 before 14.9.4, and all versions from 14.10.0 before 14.10.1 allows a malicious actor with Developer privileges to perform cache poisoning leading to arbitrary code execution in protected branches | 8.8 |
2022-05-18 | CVE-2021-42848 | Missing Authorization vulnerability in Lenovo products An information disclosure vulnerability was reported in some Lenovo Personal Cloud Storage devices that could allow an unauthenticated user to retrieve device and networking details. | 5.0 |
2022-05-17 | CVE-2022-30951 | Missing Authorization vulnerability in Jenkins WMI Windows Agents Jenkins WMI Windows Agents Plugin 1.8 and earlier includes the Windows Remote Command library does not implement access control, potentially allowing users to start processes even if they're not allowed to log in. | 8.8 |