Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-25 | CVE-2022-24594 | Missing Authorization vulnerability in Waline 1.6.1 In waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address. | 5.0 |
2022-02-23 | CVE-2022-0726 | Missing Authorization vulnerability in Framasoft Peertube Missing Authorization in GitHub repository chocobozzz/peertube prior to 4.1.0. | 5.4 |
2022-02-21 | CVE-2021-25075 | Missing Authorization vulnerability in Wpdevart Duplicate Page or Post The Duplicate Page or Post WordPress plugin before 1.5.1 does not have any authorisation and has a flawed CSRF check in the wpdevart_duplicate_post_parametrs_save_in_db AJAX action, allowing any authenticated user, such as a subscriber, to call it and change the plugin's settings, or to perform the same attack via CSRF. | 3.5 |
2022-02-21 | CVE-2022-0164 | Missing Authorization vulnerability in Wpdevart Coming Soon and Maintenance Mode The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated user with a role as low as subscriber to send arbitrary emails to all subscribed users. | 4.3 |
2022-02-18 | CVE-2022-23642 | Missing Authorization vulnerability in Sourcegraph Sourcegraph is a code search and navigation engine. | 8.8 |
2022-02-18 | CVE-2022-0543 | Missing Authorization vulnerability in Redis It was discovered that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 |
2022-02-18 | CVE-2020-25718 | Missing Authorization vulnerability in multiple products A flaw was found in the way samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). | 8.8 |
2022-02-16 | CVE-2022-0611 | Missing Authorization vulnerability in Snipeitapp Snipe-It Missing Authorization in Packagist snipe/snipe-it prior to 5.3.11. | 8.8 |
2022-02-15 | CVE-2022-25190 | Missing Authorization vulnerability in Jenkins Conjur Secrets A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2022-02-15 | CVE-2022-25193 | Missing Authorization vulnerability in Jenkins Snow Commander Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |