Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2024-10-05 | CVE-2024-9161 | Missing Authorization vulnerability in Rankmath SEO The Rank Math SEO – AI SEO Tools to Dominate SEO Rankings plugin for WordPress is vulnerable to unauthorized modification and loss of data due to a missing capability check on the 'update_metadata' function in all versions up to, and including, 1.0.228. | 6.5 |
| 2024-10-04 | CVE-2024-47768 | Missing Authorization vulnerability in Lifplatforms LIF Authentication Server Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. | 8.1 |
| 2024-10-02 | CVE-2024-20438 | Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in the REST API endpoints of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to read or write files on an affected device. This vulnerability exists because of missing authorization controls on some REST API endpoints. | 5.4 |
| 2024-10-02 | CVE-2024-20442 | Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in the REST API endpoints of Cisco Nexus Dashboard could allow an authenticated, low-privileged, remote attacker to perform limited Administrator actions on an affected device. This vulnerability is due to insufficient authorization controls on some REST API endpoints. | 5.4 |
| 2024-10-02 | CVE-2024-20477 | Missing Authorization vulnerability in Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller A vulnerability in a specific REST API endpoint of Cisco NDFC could allow an authenticated, low-privileged, remote attacker to upload or delete files on an affected device. This vulnerability exists because of missing authorization controls on the affected REST API endpoint. | 5.4 |
| 2024-10-01 | CVE-2024-8430 | The Spice Starter Sites plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the spice_starter_sites_importer_creater function in all versions up to, and including, 1.2.5. | 5.3 |
| 2024-10-01 | CVE-2024-8675 | The Soumettre.fr plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the soumettre_disconnect_gateway function in all versions up to, and including, 2.1.2. | 4.3 |
| 2024-09-28 | CVE-2024-9297 | Missing Authorization vulnerability in Oretnom23 Railway Reservation System 1.0 A vulnerability was found in SourceCodester Online Railway Reservation System 1.0. | 6.3 |
| 2024-09-28 | CVE-2024-9189 | Missing Authorization vulnerability in Wpfactory Eu/Uk VAT Manager for Woocommerce The EU/UK VAT Manager for WooCommerce plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the alg_wc_eu_vat_exempt_vat_from_admin() function in all versions up to, and including, 2.12.12. | 5.3 |
| 2024-09-27 | CVE-2024-9202 | Missing Authorization vulnerability in Eclipse Dataspace Components In Eclipse Dataspace Components versions 0.1.3 to 0.9.0, the Connector component filters which datasets (= data offers) another party can see in a requested catalog, to ensure that only authorized parties are able to view restricted offers. However, there is the possibility to request a single dataset, which should be subject to the same filtering process, but currently is missing the correct filtering. This enables parties to potentially see datasets they should not have access to, thereby exposing sensitive information. | 5.3 |