Vulnerabilities > Missing Authorization
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-11-17 | CVE-2023-39544 | Missing Authorization vulnerability in NEC products CLUSTERPRO X Ver5.1 and earlier and EXPRESSCLUSTER X 5.1 and earlier, CLUSTERPRO X SingleServerSafe 5.1 and earlier, EXPRESSCLUSTER X SingleServerSafe 5.1 and earlier allows a attacker to log in to the product may execute an arbitrary command. | 8.8 |
| 2023-11-16 | CVE-2023-6038 | Missing Authorization vulnerability in H2O A Local File Inclusion (LFI) vulnerability exists in the h2o-3 REST API, allowing unauthenticated remote attackers to read arbitrary files on the server with the permissions of the user running the h2o-3 instance. | 7.5 |
| 2023-11-08 | CVE-2023-6001 | Missing Authorization vulnerability in Yugabyte Yugabytedb Prometheus metrics are available without authentication. | 7.5 |
| 2023-11-07 | CVE-2023-5506 | Missing Authorization vulnerability in Imagemapper Project Imagemapper 1.2.6 The ImageMapper plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'imgmap_delete_area_ajax' function in versions up to, and including, 1.2.6. | 4.3 |
| 2023-11-07 | CVE-2023-43885 | Missing Authorization vulnerability in Tenda RX9 PRO Firmware 22.03.02.10 Missing error handling in the HTTP server component of Tenda RX9 Pro Firmware V22.03.02.20 allows authenticated attackers to arbitrarily lock the device. | 8.1 |
| 2023-11-06 | CVE-2023-5454 | Missing Authorization vulnerability in Templately The Templately WordPress plugin before 2.2.6 does not properly authorize the `saved-templates/delete` REST API call, allowing unauthenticated users to delete arbitrary posts. | 7.5 |
| 2023-11-03 | CVE-2023-36621 | Missing Authorization vulnerability in Nationaledtech Boomerang An issue was discovered in the Boomerang Parental Control application through 13.83 for Android. | 9.1 |
| 2023-11-02 | CVE-2023-43194 | Missing Authorization vulnerability in Rcos Submitty 22.06.00 Submitty before v22.06.00 is vulnerable to Incorrect Access Control. | 5.3 |
| 2023-11-02 | CVE-2023-46352 | Missing Authorization vulnerability in Smartmodules Facebookconversiontrackingplus 2.4.8 In the module "Pixel Plus: Events + CAPI + Pixel Catalog for Facebook Module" (facebookconversiontrackingplus) up to version 2.4.9 from Smart Modules for PrestaShop, a guest can download personal information without restriction. | 7.5 |
| 2023-11-01 | CVE-2023-42631 | Missing Authorization vulnerability in Google Android 11.0/12.0/13.0 In validationtools, there is a possible missing permission check. | 5.5 |