Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-09-11 | CVE-2024-7727 | Missing Authorization vulnerability in Bplugins Html5 Video Player The HTML5 Video Player – mp4 Video Player Plugin and Block plugin for WordPress is vulnerable to unauthorized access of data due to a missing capability check on multiple functions called via the 'h5vp_ajax_handler' ajax action in all versions up to, and including, 2.5.32. | 5.3 |
| 2024-09-11 | CVE-2024-40650 | Missing Authorization vulnerability in Google Android In wifi_item_edit_content of styles.xml , there is a possible FRP bypass due to Missing check for FRP state. | 7.8 |
| 2024-09-11 | CVE-2024-40652 | Missing Authorization vulnerability in Google Android In onCreate of SettingsHomepageActivity.java, there is a possible way to access the Settings app while the device is provisioning due to a missing permission check. | 7.8 |
| 2024-09-10 | CVE-2024-45591 | Missing Authorization vulnerability in Xwiki XWiki Platform is a generic wiki platform. | 5.3 |
| 2024-09-10 | CVE-2024-8369 | Missing Authorization vulnerability in Metagauss Eventprime The EventPrime – Events Calendar, Bookings and Tickets plugin for WordPress is vulnerable to unauthorized access to Private or Password-protected events due to missing authorization checks in all versions up to, and including, 4.0.4.3. | 5.3 |
| 2024-09-10 | CVE-2024-41728 | Missing Authorization vulnerability in SAP Netweaver Application Server Abap Due to missing authorization check, SAP NetWeaver Application Server for ABAP and ABAP Platform allows an attacker logged in as a developer to read objects contained in a package. | 2.7 |
| 2024-09-10 | CVE-2024-44112 | Missing Authorization vulnerability in SAP OIL %/ GAS Due to missing authorization check in SAP for Oil & Gas (Transportation and Distribution), an attacker authenticated as a non-administrative user could call a remote-enabled function which will allow them to delete non-sensitive entries in a user data table. | 4.3 |
| 2024-09-09 | CVE-2024-8042 | Missing Authorization vulnerability in Rapid7 Insight Platform Rapid7 Insight Platform versions between November 2019 and August 14, 2024 suffer from missing authorization issues whereby an attacker can intercept local requests to set the name and description of a new user group. | 3.1 |
| 2024-09-06 | CVE-2023-39298 | Missing Authorization vulnerability in Qnap QTS and Quts Hero A missing authorization vulnerability has been reported to affect several QNAP operating system versions. | 7.8 |
| 2024-09-06 | CVE-2024-44408 | Missing Authorization vulnerability in Dlink Dir-823G Firmware 1.0.2B0520181207 D-Link DIR-823G v1.0.2B05_20181207 is vulnerable to Information Disclosure. | 7.5 |