CWE-862 <span class="text-2xl md:text-3xl font-bold ml-2" style="color:var(--text-secondary)">— Missing Authorization

CVE-2024-47308MEDIUMCVSS 6.5EG 6.5

Missing Authorization vulnerability in Shahjahan Jewel Fluent Support fluent-support allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Fluent Support: from n/a through <= 1.8.0.

CVE-2024-47311MEDIUMCVSS 5.3EG 5.3

Missing Authorization vulnerability in WPDeveloper Templately templately.This issue affects Templately: from n/a through <= 3.1.2.

CVE-2024-47314HIGHCVSS 7.1EG 7.1

Missing Authorization vulnerability in Kraft Plugins Wheel of Life wheel-of-life allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Wheel of Life: from n/a through <= 1.1.8.

CVE-2024-47317MEDIUMCVSS 4.3EG 4.3

Missing Authorization vulnerability in sunshinephotocart Sunshine Photo Cart sunshine-photo-cart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Sunshine Photo Cart: from n/a through <= 3.2.8.

CVE-2024-47318MEDIUMCVSS 4.3EG 4.3

Missing Authorization vulnerability in Ads by WPQuads Ads by WPQuads quick-adsense-reloaded.This issue affects Ads by WPQuads: from n/a through <= 2.0.84.

CVE-2024-47321MEDIUMCVSS 6.5EG 6.5

Missing Authorization vulnerability in Magazine3 PWA for WP & AMP pwa-for-wp.This issue affects PWA for WP & AMP: from n/a through <= 1.7.72.

CVE-2024-47330MEDIUMCVSS 4.3EG 4.3

Missing Authorization vulnerability in Fahad Mahmood WP Datepicker wp-datepicker.This issue affects WP Datepicker: from n/a through <= 2.1.1.

2024-09-26

Missing Authorization vulnerability in Supsystic Slider by Supsystic, Supsystic Social Share Buttons by Supsystic.This issue affects Slider by Supsystic: from n/a through 1.8.6; Social Share Buttons by Supsystic: from n/a through 2.2.9.

CVE-2024-47337MEDIUMCVSS 4.3EG 4.3

2024-09-26

Missing Authorization vulnerability in Phillip Dane Joy Of Text Lite joy-of-text.This issue affects Joy Of Text Lite: from n/a through <= 2.3.1.

CVE-2024-47358MEDIUMCVSS 5.3EG 5.3

CVE-2024-47361MEDIUMCVSS 6.5EG 6.5

Missing Authorization vulnerability in Daniel Iser Popup Maker popup-maker.This issue affects Popup Maker: from n/a through <= 1.19.2.

CVE-2024-47362MEDIUMCVSS 4.3EG 4.3

Missing Authorization vulnerability in WPVibes Elementor Addon Elements addon-elements-for-elementor-page-builder.This issue affects Elementor Addon Elements: from n/a through <= 1.13.6.

CVE-2024-4744MEDIUMCVSS 5.3EG 5.3

Missing Authorization vulnerability in WP Chill Strong Testimonials strong-testimonials.This issue affects Strong Testimonials: from n/a through <= 3.1.16.

2024-06-10

Missing Authorization vulnerability in Avirtum iPages Flipbook.This issue affects iPages Flipbook: from n/a through 1.5.1.

CVE-2024-4745MEDIUMCVSS 4.3EG 4.3

2024-06-10

Missing Authorization vulnerability in RafflePress Giveaways and Contests by RafflePress.This issue affects Giveaways and Contests by RafflePress: from n/a through 1.12.4.

CVE-2024-4746MEDIUMCVSS 4.3EG 4.3

2024-06-10

Missing Authorization vulnerability in netgsm Netgsm netgsm allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Netgsm: from n/a through <= 2.9.32.

CVE-2024-47581MEDIUMCVSS 4.3EG 4.3

2024-12-10

SAP HCM Approve Timesheets Version 4 application does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges.There is low impact on integrity of the application. Confidentiality and avai…

CVE-2024-47585MEDIUMCVSS 4.3EG 4.3

2024-12-10

SAP NetWeaver Application Server for ABAP and ABAP Platform allows an authenticated attacker to gain higher access levels than they should have by exploiting improper authorization checks, resulting in privilege escalation. While authoriza…

CVE-2024-47587LOWCVSS 3.5EG 3.5

2024-11-12

Cash Operations does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges causing low impact to confidentiality to the application.

CVE-2024-47768HIGHCVSS 8.1EG 8.1

2024-10-04

Lif Authentication Server is a server used by Lif to do various tasks regarding Lif accounts. This vulnerability has to do with the account recovery system where there does not appear to be a check to make sure the user has been sent the r…

CVE-2024-47790HIGHCVSS 8.7EG 8.7

2024-10-04

** UNSUPPORTED WHEN ASSIGNED ** This vulnerability exists in D3D Security IP Camera D8801 due to usage of insecure Real-Time Streaming Protocol (RTSP) version for live video streaming. A remote attacker could exploit this vulnerability by…

CVE-2024-4788MEDIUMCVSS 4.3EG 4.3

2024-06-06

The Boostify Header Footer Builder for Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the create_bhf_post function in all versions up to, and including, 1.3.5. This ma…

CVE-2024-48039MEDIUMCVSS 4.3EG 4.3

CVE-2024-48044MEDIUMCVSS 5.4EG 5.4

Missing Authorization vulnerability in Imran Tauqeer CubeWP cubewp-framework allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects CubeWP: from n/a through <= 1.1.15.

CVE-2024-48045MEDIUMCVSS 4.3EG 4.3

Missing Authorization vulnerability in ShortPixel ShortPixel Image Optimizer shortpixel-image-optimiser allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects ShortPixel Image Optimizer: from n/a through…

CVE-2024-48073CRITICALCVSS 9.8EG 9.8

Missing Authorization vulnerability in HappyMonster Happy Addons for Elementor happy-elementor-addons allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Happy Addons for Elementor: from n/a through <…

2024-11-08

sunniwell HT3300 before 1.0.0.B022.2 is vulnerable to Insecure Permissions. The /usr/local/bin/update program, which is responsible for updating the software in the HT3300 device, is given the execution mode of sudo NOPASSWD. This program …

CVE-2024-48538CRITICALCVSS 9.8EG 9.8

CVE-2024-4858MEDIUMCVSS 5.3EG 5.3

Incorrect access control in the firmware update and download processes of Neye3C v4.5.2.0 allows attackers to access sensitive information by analyzing the code and data within the APK file.

2024-05-25

The Testimonial Carousel For Elementor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_testimonials_option_callback' function in versions up to, and including, 10.2.0. …

CVE-2024-48645HIGHCVSS 7.5EG 7.5

CVE-2024-4875MEDIUMCVSS 4.3EG 4.3

In Minecraft mod "Command Block IDE" up to and including version 0.4.9, a missing authorization (CWE-862) allows any user to modify "function" files used by the game when installed on a dedicated server.

2024-05-21

The HT Mega – Absolute Addons For Elementor plugin for WordPress is vulnerable to unauthorized modification of data|loss of data due to a missing capability check on the 'ajax_dismiss' function in versions up to, and including, 2.5.2. Th…

CVE-2024-4888HIGHCVSS 8.1EG 8.1

2024-06-06

BerriAI's litellm, in its latest version, is vulnerable to arbitrary file deletion due to improper input validation on the `/audio/transcriptions` endpoint. An attacker can exploit this vulnerability by sending a specially crafted request …

CVE-2024-48898MEDIUMCVSS 4.3EG 4.3

2024-11-18

A vulnerability was found in Moodle. Users with access to delete audiences from reports could delete audiences from other reports that they do not have permission to delete from.

CVE-2024-48902MEDIUMCVSS 5.4EG 5.4

2024-10-10

In JetBrains YouTrack before 2024.3.46677 improper access control allowed users with project update permission to delete applications via API

CVE-2024-48932MEDIUMCVSS 5.3EG 5.3

CVE-2024-4898CRITICALCVSS 9.8EG 9.8

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In versions below 1.5.0, the API endpoint `http://<Server-ip>/v1/users/name` allows unauthenticated users to access sensitive information, such …

2024-06-12

The InstaWP Connect – 1-click WP Staging & Migration plugin for WordPress is vulnerable to arbitrary option updates due to a missing authorization checks on the REST API calls in all versions up to, and including, 0.1.0.38. This makes it…

CVE-2024-49273MEDIUMCVSS 4.3EG 4.3

CVE-2024-49293MEDIUMCVSS 4.3EG 4.3

Missing Authorization vulnerability in Metagauss ProfileGrid profilegrid-user-profiles-groups-and-communities.This issue affects ProfileGrid : from n/a through <= 5.9.3.

CVE-2024-49321MEDIUMCVSS 4.3EG 4.3

Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through <= 8.5.4.

CVE-2024-49325MEDIUMCVSS 4.3EG 4.3

Missing Authorization vulnerability in colorlibplugins Simple Custom Post Order simple-custom-post-order allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Custom Post Order: from n/a through …

2024-10-20

Missing Authorization vulnerability in wpdiscover Photo Gallery Builder photo-gallery-builder allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Photo Gallery Builder: from n/a through <= 3.0.

CVE-2024-49357HIGHCVSS 7.5EG 7.5

CVE-2024-49367HIGHCVSS 7.5EG 7.5

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.2.4 and all prior versions, the API endpoints in ZimaOS, such as `http://<Server-IP>/v1/users/image?path=/var/lib/casaos/1/app_orde…

CVE-2024-4958HIGHCVSS 7.1EG 7.1

Nginx UI is a web user interface for the Nginx web server. Prior to version 2.0.0-beta.36, the log path of nginxui is controllable. This issue can be combined with the directory traversal at `/api/configs` to read directories and file cont…

2024-06-01

The User Registration – Custom Registration Form, Login Form, and User Profile WordPress Plugin plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'import_form_action' functio…

CVE-2024-49581MEDIUMCVSS 6.5EG 6.5

2024-12-02

Restricted Views backed objects (OSV1) could be bypassed under specific circumstances due to a software bug, this could have allowed users that didn't have permission to see such objects to view them via Object Explorer directly. This soft…

CVE-2024-49596MEDIUMCVSS 5.9EG 5.9

2024-11-26

Dell Wyse Management Suite, version WMS 4.4 and prior, contain a Missing Authorization vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Denial of service and arbitrary fi…

CVE-2024-49657HIGHCVSS 7.7EG 7.7

2024-10-23

Missing Authorization vulnerability in Renata Bracichowicz 3D Work In Progress renee-work-in-progress allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 3D Work In Progress: from n/a through <= 1.0.3.

CVE-2024-49680MEDIUMCVSS 4.3EG 4.3

2024-11-19

Missing Authorization vulnerability in RexTheme WP VR wpvr allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP VR: from n/a through <= 8.5.5.

CVE-2024-49683MEDIUMCVSS 5.3EG 5.3