Tag
WeKan Missing Authorization Vulnerability in Integration REST API
2 rules 1 TTP 1 CVE 4 IOCsWeKan before 8.35 contains a missing authorization vulnerability in the Integration REST API endpoints, allowing authenticated board members to perform administrative actions without proper privilege verification, potentially leading to unauthorized data access and modification.
Gravity SMTP Plugin Missing Authorization Vulnerability (CVE-2026-4162)
2 rules 1 TTP 1 CVEThe Gravity SMTP plugin for WordPress is vulnerable to Missing Authorization, allowing authenticated attackers with subscriber-level access or higher to uninstall/deactivate the plugin and delete plugin options, and is also exploitable via Cross-Site Request Forgery.
SimpleHelp Missing Authorization Vulnerability Leads to Privilege Escalation
2 rules 1 TTP 1 CVEA missing authorization vulnerability in SimpleHelp (CVE-2024-57726) allows low-privileged technicians to create API keys with excessive permissions, potentially escalating privileges to the server admin role.