Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-01-24 | CVE-2021-24906 | Missing Authorization vulnerability in Wp-Experts Protect WP Admin The Protect WP Admin WordPress plugin before 3.6.2 does not check for authorisation in the lib/pwa-deactivate.php file, which could allow unauthenticated users to disable the plugin (and therefore the protection offered) via a crafted request | 5.0 |
2022-01-21 | CVE-2022-21707 | Missing Authorization vulnerability in Wasmcloud Host Runtime wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. | 8.1 |
2022-01-19 | CVE-2021-38789 | Missing Authorization vulnerability in Allwinnertech Android Q SDK 1.0 Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings. | 5.0 |
2022-01-18 | CVE-2021-44840 | Missing Authorization vulnerability in Deltarm Delta RM 1.2 An issue was discovered in Delta RM 1.2. | 4.0 |
2022-01-18 | CVE-2022-0125 | Missing Authorization vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. | 4.3 |
2022-01-18 | CVE-2022-0152 | Missing Authorization vulnerability in Gitlab An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. | 4.0 |
2022-01-18 | CVE-2022-0236 | Missing Authorization vulnerability in Vjinfotech WP Import Export and WP Import Export Lite The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. | 5.0 |
2022-01-17 | CVE-2021-25025 | Missing Authorization vulnerability in Theeventscalendar Eventcalendar The EventCalendar WordPress plugin before 1.1.51 does not have proper authorisation and CSRF checks in the add_calendar_event AJAX actions, allowing users with a role as low as subscriber to create events | 4.3 |
2022-01-14 | CVE-2021-1037 | Missing Authorization vulnerability in Google Android The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. | 5.3 |
2022-01-14 | CVE-2021-28506 | Missing Authorization vulnerability in Arista EOS An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. | 9.4 |