CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,328 vulnerabilities with CWE-285
CVE-2024-3959 MEDIUM
GitLab 16.7-16.11.4, 17.0-17.0.2, 17.1 - Unauthenticated Private Job Artifact Access
CVSS 6.5
CVE-2024-37167 MEDIUM
Tuleap < 15.8-5 and < 15.9.99.97 - Improper Authorization
CVSS 4.3
CVE-2024-37159 LOW
evmos < 18.0.0 - Improper Authorization via Vested Token Validator Creation
CVSS 3.5
CVE-2024-6000 HIGH
FooEvents for WooCommerce <1.19.21 - RCE
CVSS 7.1
CVE-2024-34104 HIGH
Adobe Commerce <2.4.7 - Auth Bypass
CVSS 8.2
CVE-2024-25949 HIGH
Dell Networking OS10 10.5.3.0-10.5.3.10, 10.5.4.x, 10.5.5.x, 10.5.6.x - Authenticated Privilege Escalation
CVSS 8.8
CVE-2024-37154 MEDIUM
evmos - Improper Authorization in ClawbackVestingAccount
CVSS 5.3
CVE-2024-36399 HIGH
kanboard < 1.2.37 - Improper Access Control in ProjectPermissionController
CVSS 8.2
CVE-2024-23670 HIGH
FortiWebManager 6.2.3-6.2.4, 6.3.0, 7.0.0-7.0.4, 7.2.0 - Improper Authorization
CVSS 7.8
CVE-2024-23667 HIGH
FortiWebManager 6.2.3-6.2.4, 6.3.0, 7.0.0-7.0.4, 7.2.0 - Improper Authorization
CVSS 7.8
CVE-2024-23665 MEDIUM
FortiWeb < 6.3.23 - Authenticated Improper Authorization via ADOM Operations
CVSS 5.9
CVE-2024-36108 CRITICAL
casgate < 0.1.0 - Unauthenticated Improper Authorization via ID Parameter Bypass
CVSS 9.8
CVE-2024-3269 MEDIUM
WordPress Download Monitor <4.9.13 - Privilege Escalation
CVSS 5.4
CVE-2024-1803 MEDIUM
EmbedPress < 3.9.12 - Authenticated Unauthorized Access via PDF Embed Block
CVSS 4.3
CVE-2024-0870 MEDIUM
YITH WooCommerce Gift Cards <4.12.0 - Info Disclosure
CVSS 5.3
CVE-2024-4819 MEDIUM
Campcodes Online Laundry Management System 1.0 - Improper Authorization in admin_class.php
CVSS 4.3
CVE-2024-2441 HIGH
VikBooking Hotel Booking Engine & PMS <1.6.8 - Auth Bypass
CVSS 8.1
CVE-2024-28285 CRITICAL
Cryptopp Crypto++ <8.9 - Privilege Escalation
CVSS 9.8
CVE-2024-23576 HIGH
HCL Commerce 9.1.12-9.1.13 - Improper Authorization
CVSS 7.1
CVE-2024-34257 CRITICAL
TOTOLINK EX1800T <V9.1.0cu.2112 - Command Injection
CVSS 9.8
CVE-2024-33749 CRITICAL
dedecms V5.7.114 - Unauthenticated Arbitrary File Deletion via mail_file_manage.php
CVSS 9.1
CVE-2024-32359 MEDIUM
Carina <= 0.13.0 - Improper Authorization
CVSS 6.9
CVE-2024-32881 CRITICAL
Danswer <3.62 - Unauthorized Access
CVSS 9.8
CVE-2024-3840 HIGH
Google Chrome < 124.0.6367.60 - Navigation Restriction Bypass via Site Isolation Policy Enforcement
CVSS 7.5
CVE-2024-21039 MEDIUM
Oracle Complex Maintenance 12.2.3-12.2.13 - Unauthenticated Improper Authorization via LOV
CVSS 6.1