Vulnerabilities > Missing Authorization
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2022-02-08 | CVE-2022-24450 | Missing Authorization vulnerability in Nats Server and Nats Streaming Server. NATS nats-server before 2.7.2 has Incorrect Access Control. | 8.8 |
2022-02-07 | CVE-2021-24839 | Missing Authorization vulnerability in Supportcandy. The SupportCandy WordPress plugin before 2.2.5 does not have authorisation and CSRF checks in its wpsc_tickets AJAX action, which could allow unauthenticated users to call it and delete arbitrary tickets via the set_delete_permanently_bulk_ticket setting_action. | 7.5 |
2022-01-26 | CVE-2022-0203 | Missing Authorization vulnerability in Craterapp Crater. Improper Access Control in GitHub repository crater-invoice/crater prior to 6.0.2. | 5.3 |
2022-01-21 | CVE-2022-21707 | Missing Authorization vulnerability in Wasmcloud Host Runtime. wasmCloud Host Runtime is a server process that securely hosts and provides dispatch for web assembly (WASM) actors and capability providers. | 8.1 |
2022-01-19 | CVE-2021-38789 | Missing Authorization vulnerability in Allwinnertech Android Q SDK 1.0. Allwinner R818 SoC Android Q SDK V1.0 is affected by an incorrect access control vulnerability that does not check the caller's permission, in which a third-party app could change system settings. | 7.5 |
2022-01-18 | CVE-2021-44840 | Missing Authorization vulnerability in Deltarm Delta RM 1.2. An issue was discovered in Delta RM 1.2. | 2.7 |
2022-01-18 | CVE-2022-0125 | Missing Authorization vulnerability in Gitlab. An issue has been discovered in GitLab affecting all versions starting from 12.0 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. | 4.3 |
2022-01-18 | CVE-2022-0152 | Missing Authorization vulnerability in Gitlab. An issue has been discovered in GitLab affecting all versions starting from 13.10 before 14.4.5, all versions starting from 14.5.0 before 14.5.3, all versions starting from 14.6.0 before 14.6.2. | 6.5 |
2022-01-18 | CVE-2022-0236 | Missing Authorization vulnerability in Vjinfotech WP Import Export Lite. The WP Import Export WordPress plugin (both free and premium versions) is vulnerable to unauthenticated sensitive data disclosure due to a missing capability check on the download function wpie_process_file_download found in the ~/includes/classes/class-wpie-general.php file. | 7.5 |
2022-01-14 | CVE-2021-1037 | Missing Authorization vulnerability in Google Android. The broadcast that DevicePickerFragment sends when a new device is paired doesn't have any permission checks, so any app can register to listen for it. | 5.3 |