The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1,328 vulnerabilities with CWE-285
CVE-2024-21987
MEDIUM
SnapCenter <5.0 - Privilege Escalation
CVSS 5.4
CVE-2024-21402
HIGH
Microsoft 365 Apps < 2401.17231.20236 - Elevation of Privilege in Outlook
CVSS 7.1
CVE-2024-25108
CRITICAL
Pixelfed 0.10.4-0.11.9 - Insufficient Permission Validation
CVSS 9.9
CVE-2024-25106
CRITICAL
OpenObserve < 0.8.0 - Authenticated Unauthorized User Removal via /api/{org_id}/users/{email_id} Endpoint
CVSS 9.1
CVE-2024-24830
CRITICAL
OpenObserve < 0.8.0 - Authenticated Privilege Escalation via User Creation Endpoint
CVSS 9.9
CVE-2024-23806
MEDIUM
HID iCLASS SE Reader Configuration Cards Firmware - Unauthenticated Sensitive Data Exposure
CVSS 5.3
CVE-2024-22021
MEDIUM
Veeam Recovery Orchestrator - Info Disclosure
CVSS 4.3
CVE-2024-24936
MEDIUM
JetBrains TeamCity <2023.11.2 - Auth Bypass
CVSS 4.3
CVE-2024-23649
HIGH
Lemmy 0.17.0-0.19.1 - Authenticated Private Message Disclosure via Report API
CVSS 7.5
CVE-2024-20979
MEDIUM
Oracle BI Publisher 6.4.0.0.0, 7.0.0.0.0, 12.2.1.4.0 - Unauthorized Data Access via Web Server
CVSS 5.4
CVE-2023-53895
CRITICAL
PimpMyLog 1.7.14 - Unauthenticated Admin Account Creation via Configuration Endpoint
CVSS 9.8
CVE-2023-42973
MEDIUM
iPadOS - Unauthenticated Access to Private Browsing Tabs
CVSS 4.0
CVE-2023-50780
HIGH
Apache ActiveMQ Artemis < 2.29.0 - Authenticated Arbitrary File Write and Remote Code Execution via Log4J2 MBean
CVSS 8.8
CVE-2023-35022
LOW
IBM InfoSphere Information Server 11.7 - Improper Authorization
CVSS 3.3
CVE-2023-41819
MEDIUM
Motorola Face Unlock - Privilege Escalation
CVSS 6.1
CVE-2023-44410
HIGH
D-Link D-View 8 - Authenticated Privilege Escalation via showUsers Method
CVSS 8.8
CVE-2023-32168
HIGH
D-Link D-View 8 < 2.0.1.27 - Authenticated Privilege Escalation via showUser Method
CVSS 8.8
CVE-2023-6731
MEDIUM
WP Show Posts <= 1.1.5 - Authenticated Unauthorized Data Access via Missing Capability Check
CVSS 4.3
CVE-2023-47166
HIGH
Milesight UR32L v32.3.0.7-r2 - Unauthenticated Arbitrary Firmware Update via luci2-io File-Import
CVSS 8.8
CVE-2023-50363
HIGH
QNAP QTS and QuTS hero - Authenticated Authorization Bypass via Network
CVSS 7.4
CVE-2023-5675
MEDIUM
Quarkus < 3.2.10.Final - Improper Authorization in JAX-RS Endpoint Method Handling
CVSS 6.5
CVE-2023-52539
HIGH
Huawei EMUI and HarmonyOS - Improper Authorization in Settings Module
CVSS 7.5
CVE-2023-52359
HIGH
Huawei EMUI and HarmonyOS - Improper Authorization in ActivityTaskManagerService API
CVSS 7.5
CVE-2023-38135
MEDIUM
Intel Performance Maximizer - Privilege Escalation via Improper Authorization
CVSS 6.7
CVE-2023-32967
MEDIUM
QNAP QTS 4.5.4.2627 and QuTScloud < c5.1.5.2651 - Authenticated Improper Authorization
CVSS 5.0
Exploit Likelihood: High