Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
---|---|---|---|---|
2022-02-28 | CVE-2022-0345 | Missing Authorization vulnerability in Madewithfuel Customize Wordpress Emails and Alerts | The Customize WordPress Emails and Alerts WordPress plugin before 1.8.7 does not have authorisation and CSRF checks in its bnfw_search_users AJAX action, allowing any authenticated user to call it and query for user e-mail prefixes (finding the first letter, then the second one, then the third one, etc.). | 4.3 |
2022-02-25 | CVE-2022-24594 | Missing Authorization vulnerability in Waline 1.6.1 | In Waline 1.6.1, an attacker can submit messages using X-Forwarded-For to forge any IP address. | 5.3 |
2022-02-21 | CVE-2022-0164 | Missing Authorization vulnerability in Wpdevart Coming Soon and Maintenance Mode | The Coming soon and Maintenance mode WordPress plugin before 3.5.3 does not have authorisation and CSRF checks in its coming_soon_send_mail AJAX action, allowing any authenticated user, with a role as low as subscriber, to send arbitrary emails to all subscribed users. | 4.3 |
2022-02-18 | CVE-2022-23642 | Missing Authorization vulnerability in Sourcegraph | Sourcegraph is a code search and navigation engine. | 8.8 |
2022-02-18 | CVE-2022-0543 | Missing Authorization vulnerability in Redis | It was discovered that Redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could result in remote code execution. | 10.0 |
2022-02-18 | CVE-2020-25718 | Missing Authorization vulnerability in multiple products | A flaw was found in the way Samba, as an Active Directory Domain Controller, is able to support an RODC (read-only domain controller). | 8.8 |
2022-02-15 | CVE-2022-25190 | Missing Authorization vulnerability in Jenkins Conjur Secrets | A missing permission check in Jenkins Conjur Secrets Plugin 1.0.11 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins. | 4.3 |
2022-02-15 | CVE-2022-25193 | Missing Authorization vulnerability in Jenkins Snow Commander | Missing permission checks in Jenkins Snow Commander Plugin 1.10 and earlier allow attackers with Overall/Read permission to connect to an attacker-specified webserver using attacker-specified credentials IDs obtained through another method, capturing credentials stored in Jenkins. | 6.5 |
2022-02-15 | CVE-2022-25195 | Missing Authorization vulnerability in Jenkins Autonomiq | A missing permission check in Jenkins autonomiq Plugin 1.15 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials. | 4.3 |
2022-02-15 | CVE-2022-25199 | Missing Authorization vulnerability in Jenkins SCP Publisher 1.8 | A missing permission check in Jenkins SCP publisher Plugin 1.8 and earlier allows attackers with Overall/Read permission to connect to an attacker-specified SSH server using attacker-specified credentials. | 8.8 |