Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK

2021-09-27 CVE-2021-37270 Missing Authorization vulnerability in S-Cms CMS Enterprise Website Construction System 5.0
There is an unauthorized access vulnerability in the CMS Enterprise Website Construction System 5.0.
network, low complexity, s-cms, CWE-862
critical 9.8

2021-09-22 CVE-2021-34648 Missing Authorization vulnerability in Ninjaforms Ninja Forms
The Ninja Forms WordPress plugin is vulnerable to arbitrary email sending via the trigger_email_action function found in the ~/includes/Routes/Submissions.php file, in versions up to and including 3.5.7.
network, low complexity, ninjaforms, CWE-862
4.3

2021-09-20 CVE-2021-24635 Missing Authorization vulnerability in Bootstrapped Visual Link Preview
The Visual Link Preview WordPress plugin before 2.2.3 does not enforce authorisation on several AJAX actions and has the CSRF nonce displayed for all authenticated users, allowing any authenticated user (such as a subscriber) to call them and 1) get and search through the title and content of draft posts, 2) get the title of a password-protected post, and 3) upload an image from a URL.
network, low complexity, bootstrapped, CWE-862
5.4

2021-09-15 CVE-2021-33704 Missing Authorization vulnerability in SAP Business ONE 10.0
The Service Layer of SAP Business One, version 10.0, allows an authenticated attacker to invoke certain functions that would otherwise be restricted to specific users.
network, low complexity, sap, CWE-862
8.8

2021-09-15 CVE-2021-22147 Missing Authorization vulnerability in Elastic Elasticsearch
Elasticsearch before 7.14.0 did not apply document and field level security to searchable snapshots.
network, low complexity, elastic, CWE-862
6.5

2021-09-15 CVE-2021-22149 Missing Authorization vulnerability in Elastic Enterprise Search
Elastic Enterprise Search App Search versions before 7.14.0 are vulnerable to an issue where API keys were missing authorization via an alternate route.
network, low complexity, elastic, CWE-862
8.8

2021-09-14 CVE-2021-41077 Missing Authorization vulnerability in Travis-Ci Travis CI
The activation process in Travis CI, for certain 2021-09-03 through 2021-09-10 builds, causes secret data to have unexpected sharing that is not specified by the customer-controlled .travis.yml file.
network, low complexity, travis-ci, CWE-862
7.5

2021-09-14 CVE-2021-37535 Missing Authorization vulnerability in SAP Netweaver Application Server Java
SAP NetWeaver Application Server Java (JMS Connector Service), versions 7.11, 7.20, 7.30, 7.31, 7.40, 7.50, does not perform the necessary authorization checks for user privileges.
network, low complexity, sap, CWE-862
critical 9.8

2021-09-14 CVE-2021-38164 Missing Authorization vulnerability in SAP ERP Financial Accounting
SAP ERP Financial Accounting (RFOPENPOSTING_FR) versions - SAP_APPL - 600, 602, 603, 604, 605, 606, 616, SAP_FIN - 617, 618, 700, 720, 730, SAPSCORE - 125, S4CORE, 100, 101, 102, 103, 104, 105, allows a registered attacker to invoke certain functions that would otherwise be restricted to specific users.
network, low complexity, sap, CWE-862
5.4

2021-09-08 CVE-2021-38388 Missing Authorization vulnerability in Linecorp Central Dogma
Central Dogma allows privilege escalation with mirroring to the internal dogma repository that has a file managing the authorization of the project.
network, low complexity, linecorp, CWE-862
8.8