Vulnerabilities > Missing Authorization

DATE CVE VULNERABILITY TITLE RISK
2023-09-04 CVE-2023-38465 Missing Authorization vulnerability in Google Android 11.0/12.0
In ims service, there is a possible missing permission check.
local
low complexity
google CWE-862
5.5
2023-09-04 CVE-2023-38466 Missing Authorization vulnerability in Google Android 11.0/12.0
In ims service, there is a possible missing permission check.
local
low complexity
google CWE-862
5.5
2023-09-01 CVE-2023-23763 Missing Authorization vulnerability in Github Enterprise Server
An authorization/sensitive information disclosure vulnerability was identified in GitHub Enterprise Server that allowed a fork to retain read access to an upstream repository after its visibility was changed to private.
network
low complexity
github CWE-862
5.3
2023-09-01 CVE-2023-24674 Missing Authorization vulnerability in Bludit 4.0.0
Permissions vulnerability found in Bludit CMS v.4.0.0 allows local attackers to escalate privileges via the role:admin parameter.
local
low complexity
bludit CWE-862
7.8
2023-08-31 CVE-2023-41750 Missing Authorization vulnerability in Acronis Agent
Sensitive information disclosure due to missing authorization.
local
low complexity
acronis CWE-862
5.5
2023-08-31 CVE-2023-2174 Missing Authorization vulnerability in Badgeos
The BadgeOS plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the delete_badgeos_log_entries function in versions up to, and including, 3.7.1.6.
network
low complexity
badgeos CWE-862
4.3
2023-08-31 CVE-2023-3999 Missing Authorization vulnerability in Plugin Waiting
The Waiting: One-click countdowns plugin for WordPress is vulnerable to authorization bypass due to missing capability checks on its AJAX calls in versions up to, and including, 0.6.2.
network
low complexity
plugin CWE-862
4.3
2023-08-25 CVE-2023-40530 Missing Authorization vulnerability in Skylark 6.2.13
Improper authorization in handler for custom URL scheme issue in 'Skylark' App for Android 6.2.13 and earlier and 'Skylark' App for iOS 6.2.13 and earlier allows an attacker to lead a user to access an arbitrary website via another application installed on the user's device.
network
low complexity
skylark CWE-862
4.7
2023-08-24 CVE-2023-38508 Missing Authorization vulnerability in Enalean Tuleap
Tuleap is an open source suite to improve management of software developments and collaboration.
network
low complexity
enalean CWE-862
4.3
2023-08-22 CVE-2020-23793 Missing Authorization vulnerability in Spice-Space Spice-Server 0.14.06El76.1
An issue was discovered in spice-server spice-server-0.14.0-6.el7_6.1.x86_64 of Redhat's VDI product.
network
low complexity
spice-space CWE-862
8.6