Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2024-07-22 CVE-2024-6806 Missing Authorization vulnerability in NI Veristand
The NI VeriStand Gateway is missing authorization checks when an actor attempts to access Project resources.
network
low complexity
ni CWE-862
critical
9.8
2024-07-16 CVE-2024-1937 Missing Authorization vulnerability in Brizy
The Brizy – Page Builder plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'update_item' function in all versions up to, and including, 2.4.44.
network
low complexity
brizy CWE-862
6.5
2024-07-09 CVE-2024-31318 Missing Authorization vulnerability in Google Android
In CompanionDeviceManagerService.java, there is a possible way to pair a companion device without user acceptance due to a missing permission check.
local
low complexity
google CWE-862
7.8
2024-07-09 CVE-2024-31332 Missing Authorization vulnerability in Google Android 13.0/14.0
In multiple locations, there is a possible way to bypass a restriction on adding new Wi-Fi connections due to a missing permission check.
local
low complexity
google CWE-862
7.8
2024-07-03 CVE-2024-36113 Missing Authorization vulnerability in Discourse
Discourse is an open-source discussion platform.
network
low complexity
discourse CWE-862
6.5
2024-07-02 CVE-2024-6088 Missing Authorization vulnerability in Thimpress Learnpress
The LearnPress – WordPress LMS Plugin plugin for WordPress is vulnerable to unauthorized user registration due to a missing capability check on the 'register' function in all versions up to, and including, 4.2.6.8.1.
network
low complexity
thimpress CWE-862
5.3
2024-07-01 CVE-2024-36995 Missing Authorization vulnerability in Splunk and Splunk Cloud Platform
In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.200 and 9.1.2308.207, a low-privileged user that does not hold the admin or power Splunk roles could create experimental items.
network
low complexity
splunk CWE-862
3.5
2024-07-01 CVE-2024-6375 Missing Authorization vulnerability in Mongodb
A command for refining a collection shard key is missing an authorization check.
network
low complexity
mongodb CWE-862
6.5
2024-06-27 CVE-2024-3115 Missing Authorization vulnerability in Gitlab
An issue was discovered in GitLab EE affecting all versions starting from 16.0 prior to 16.11.5, starting from 17.0 prior to 17.0.3, and starting from 17.1 prior to 17.1.1, which allows an attacker to access issues and epics without having an SSO session using Duo Chat.
network
low complexity
gitlab CWE-862
4.3
2024-06-25 CVE-2024-6303 Missing Authorization vulnerability in Conduit
Missing authorization in the Client-Server API in Conduit <=0.7.0 allows any alias to be removed and added to another room. An attacker can use this for privilege escalation by moving the #admins alias to a room they control, allowing them to run commands resetting passwords, signing JSON with the server's key, deactivating users, and more.
network
low complexity
conduit CWE-862
8.8