Vulnerabilities > Missing Authorization

DATE	CVE	VULNERABILITY TITLE	RISK
2025-05-19	CVE-2025-4477	The ThreatSonar Anti-Ransomware from TeamT5 has a Privilege Escalation vulnerability, allowing remote attackers with intermediate privileges to escalate their privileges to highest administrator level through a specific API. network low complexity CWE-862	7.2
2025-05-18	CVE-2025-4887	Missing Authorization vulnerability in Senior-Walter Online Student Clearance System 1.0 A vulnerability, which was classified as problematic, has been found in SourceCodester Online Student Clearance System 1.0. network low complexity senior-walter CWE-862	8.8
2025-05-17	CVE-2025-3527	Missing Authorization vulnerability in Myeventon Eventon The EventON Pro plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check in the 'assets/lib/settings/settings.js' file in all versions up to, and including, 4.9.6. network low complexity myeventon CWE-862	5.4
2025-05-16	CVE-2025-48138	Missing Authorization vulnerability in Bertha AI Missing Authorization vulnerability in berthaai BERTHA AI allows Exploiting Incorrectly Configured Access Control Security Levels. network low complexity bertha CWE-862	8.8
2025-05-14	CVE-2025-4520	The Uncanny Automator plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on multiple AJAX functions in versions up to, and including, 6.4.0.2. network low complexity CWE-862	5.4
2025-05-13	CVE-2025-4339	The TheGem theme for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the ajaxApi() function in all versions up to, and including, 5.10.3. network low complexity CWE-862	4.3
2025-05-13	CVE-2025-43000	Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted.This has High impact on Confidentiality with Low impact on Integrity and Availability of the application. local low complexity CWE-862	7.9
2025-05-13	CVE-2025-43004	Due to a security misconfiguration vulnerability, customers can develop Production Operator Dashboards (PODs) that enable outside users to access customer data when they access these dashboards. network low complexity CWE-862	5.3
2025-05-13	CVE-2025-43007	SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. network low complexity CWE-862	6.3
2025-05-13	CVE-2025-43008	Due to missing authorization check, an unauthorized user can view the files of other company. network high complexity CWE-862	5.8

Vulnerabilities > Missing Authorization {"@context":"https://schema.org","@type":"BreadcrumbList","itemListElement":[{"@type":"ListItem","position":1,"name":"Vulnerabilities","item":"https://cyber.vumetric.com/vulns/"},{"@type":"ListItem","position":2,"name":"Missing Authorization"}]}

Vulnerabilities > Missing Authorization