Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2023-10-30 CVE-2023-21321 Missing Authorization vulnerability in Google Android
In Package Manager, there is a possible cross-user settings disclosure due to a missing permission check.
local
low complexity
google CWE-862
5.5
2023-10-30 CVE-2023-21328 Missing Authorization vulnerability in Google Android
In Package Installer, there is a possible way to determine whether an app is installed, without query permissions, due to a missing permission check.
local
low complexity
google CWE-862
7.8
2023-10-30 CVE-2023-21329 Missing Authorization vulnerability in Google Android
In Activity Manager, there is a possible way to determine whether an app is installed due to a missing permission check.
local
low complexity
google CWE-862
5.5
2023-10-30 CVE-2023-21340 Missing Authorization vulnerability in Google Android
In Telecomm, there is a possible way to get the call state due to a missing permission check.
local
low complexity
google CWE-862
5.5
2023-10-30 CVE-2023-21341 Missing Authorization vulnerability in Google Android
In Permission Manager, there is a possible way to bypass required permissions due to a missing permission check.
local
low complexity
google CWE-862
7.8
2023-10-30 CVE-2023-5251 Missing Authorization vulnerability in G5Theme Grid Plus 1.3.2
The Grid Plus plugin for WordPress is vulnerable to unauthorized modification of data and loss of data due to a missing capability check on the 'grid_plus_save_layout_callback' and 'grid_plus_delete_callback' functions in versions up to, and including, 1.3.2.
network
low complexity
g5theme CWE-862
5.4
2023-10-26 CVE-2023-30969 Missing Authorization vulnerability in Palantir Tiles
The Palantir Tiles1 service was found to be vulnerable to an API wide issue where the service was not performing authentication/authorization on all the endpoints.
network
low complexity
palantir CWE-862
6.5
2023-10-25 CVE-2023-37910 Missing Authorization vulnerability in Xwiki
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it.
network
low complexity
xwiki CWE-862
8.1
2023-10-25 CVE-2023-43488 Missing Authorization vulnerability in Boschrexroth products
The vulnerability allows a low privileged (untrusted) application to modify a critical system property that should be denied, in order to enable the ADB (Android Debug Bridge) protocol to be exposed on the network, exploiting it to gain a privileged shell on the device without requiring the physical access through USB.
local
low complexity
boschrexroth CWE-862
7.8
2023-10-25 CVE-2023-46652 Missing Authorization vulnerability in Jenkins Lambdatest-Automation
A missing permission check in Jenkins lambdatest-automation Plugin 1.20.9 and earlier allows attackers with Overall/Read permission to enumerate credentials IDs of LAMBDATEST credentials stored in Jenkins.
network
low complexity
jenkins CWE-862
4.3