Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2021-10-19 | CVE-2021-38486 | Missing Authorization vulnerability in Inhandnetworks Ir615 Firmware 2.3.0.R4724/2.3.0.R4870 InHand Networks IR615 Router's Versions 2.3.0.r4724 and 2.3.0.r4870 cloud portal allows for self-registration of the affected product without any requirements to create an account, which may allow an attacker to have full control over the product and execute code within the internal network to which the product is connected. | 8.5 |
2021-10-18 | CVE-2021-24677 | Missing Authorization vulnerability in Find MY Blocks Project Find MY Blocks The Find My Blocks WordPress plugin before 3.4.0 does not have authorisation checks in its REST API, which could allow unauthenticated users to enumerate private posts' titles. | 5.0 |
2021-10-15 | CVE-2021-37738 | Missing Authorization vulnerability in Arubanetworks Clearpass Policy Manager A remote disclosure of sensitive information vulnerability was discovered in Aruba ClearPass Policy Manager version(s): ClearPass Policy Manager 6.10.x prior to 6.10.2 - - ClearPass Policy Manager 6.9.x prior to 6.9.7-HF1 - - ClearPass Policy Manager 6.8.x prior to 6.8.9-HF1. | 5.0 |
2021-10-15 | CVE-2021-38431 | Missing Authorization vulnerability in Advantech Webaccess Scada 8.3.1/9.0.3 An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users. | 4.0 |
2021-10-15 | CVE-2021-42331 | Missing Authorization vulnerability in Xinheinformation Xinhe Teaching Platform System V2021 The “Study Edit” function of ShinHer StudyOnline System does not perform permission control. | 5.5 |
2021-10-13 | CVE-2021-20834 | Missing Authorization vulnerability in Nike Improper authorization in handler for custom URL scheme vulnerability in Nike App for Android versions prior to 2.177 and Nike App for iOS versions prior to 2.177.1 allows a remote attacker to lead a user to access an arbitrary website via the vulnerable App. | 5.8 |
2021-10-12 | CVE-2021-39184 | Missing Authorization vulnerability in Electronjs Electron Electron is a framework for writing cross-platform desktop applications using JavaScript, HTML and CSS. | 5.0 |
2021-10-11 | CVE-2021-40884 | Missing Authorization vulnerability in Projectsend R1295 Projectsend version r1295 is affected by sensitive information disclosure. | 5.5 |
2021-10-08 | CVE-2021-37976 | Missing Authorization vulnerability in multiple products Inappropriate implementation in Memory in Google Chrome prior to 94.0.4606.71 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. | 6.5 |
2021-10-07 | CVE-2021-32172 | Missing Authorization vulnerability in Maianscriptworld Maian Cart 3.8 Maian Cart v3.8 contains a preauthorization remote code execution (RCE) exploit via a broken access control issue in the Elfinder plugin. | 7.5 |