Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2022-04-11 CVE-2022-0919 Missing Authorization vulnerability in Salonbookingsystem Salon Booking System
The Salon Booking System Free and Pro WordPress plugins before 7.6.3 do not have proper authorisation when searching bookings, allowing any unauthenticated user to search others' bookings, as well as retrieve sensitive information about the bookings, such as the full name, email and phone number of the person who made the booking.
network
low complexity
salonbookingsystem CWE-862
5.0
2022-04-04 CVE-2022-0404 Missing Authorization vulnerability in Material Design for Contact Form 7 Project Material Design for Contact Form 7 2.6.4
The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization, or that the option mentioned in the notice param belongs to the plugin, when processing requests to the cf7md_dismiss_notice action, allowing any logged-in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.
6.5
2022-04-04 CVE-2022-0837 Missing Authorization vulnerability in Tms-Outsource Amelia
The Amelia WordPress plugin before 1.0.48 does not have proper authorisation when handling the Amelia SMS service, allowing any customer to send paid test SMS notifications as well as retrieve sensitive information about the admin, such as the email, account balance and payment history.
network
low complexity
tms-outsource CWE-862
5.4
2022-04-01 CVE-2022-0390 Missing Authorization vulnerability in Gitlab
Improper access control in GitLab CE/EE versions 12.7 to 14.5.4, 14.6 to 14.6.4, and 14.7 to 14.7.1 allowed project non-members to retrieve issue details when the issue was linked to an item from the vulnerability dashboard.
network
low complexity
gitlab CWE-862
4.3
2022-03-31 CVE-2022-26546 Missing Authorization vulnerability in Hospital Management System Project Hospital Management System 1.0
Hospital Management System v1.0 was discovered to lack an authorization component, allowing attackers to access sensitive information and obtain the admin password.
6.4
2022-03-31 CVE-2022-23183 Missing Authorization vulnerability in Advancedcustomfields Advanced Custom Fields
Missing authorization vulnerability in Advanced Custom Fields versions prior to 5.12.1 and Advanced Custom Fields Pro versions prior to 5.12.1 allows a remote authenticated attacker to view the information on the database without the access permission.
network
low complexity
advancedcustomfields CWE-862
4.0
2022-03-30 CVE-2021-39742 Missing Authorization vulnerability in Google Android 12.1
In Voicemail, there is a possible way to retrieve a trackable identifier due to a missing permission check.
network
google CWE-862
4.3
2022-03-30 CVE-2021-39743 Missing Authorization vulnerability in Google Android 12.1
In PackageManager, there is a possible way to update the last usage time of another package due to a missing permission check.
local
low complexity
google CWE-862
4.6
2022-03-30 CVE-2021-39749 Missing Authorization vulnerability in Google Android 12.1
In WindowManager, there is a possible way to start non-exported and protected activities due to a missing permission check.
local
low complexity
google CWE-862
7.2
2022-03-30 CVE-2021-39750 Missing Authorization vulnerability in Google Android 12.1
In PackageManager, there is a possible way to change the splash screen theme of other apps due to a missing permission check.
local
low complexity
google CWE-862
4.6