Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,345 vulnerabilities with CWE-862

CVE-2024-7767 HIGH

onyx - Missing Authorization

CVE-2024-7046 MEDIUM

open-webui 0.3.8 - Unauthenticated Admin Details Exposure via /api/v1/auths/admin/details

CVE-2024-7045 MEDIUM

open-webui v0.3.8 - Unauthenticated Prompt Information Disclosure via API Endpoints

CVE-2024-7043 HIGH

open-webui 0.3.8 - Unauthenticated Arbitrary File Read and Delete via API Endpoints

CVE-2024-2292 HIGH

changeweb/unifiedtransform - Unauthenticated Missing Authorization

CVE-2024-13060 MEDIUM

AnythingLLM Docker <1.3.1 - Info Disclosure

CVE-2024-10762 HIGH

lunary < 1.5.9 - Missing Authorization for Evaluator Deletion via /v1/evaluators/ Endpoint

CVE-2024-10363 MEDIUM

LibreChat 0.7.5 - Missing Authorization for Prompt Sharing and Creation

CVE-2024-10330 MEDIUM

lunary < 1.5.7 - Missing Authorization in /v1/evaluators/ Endpoint

CVE-2024-10274 MEDIUM

lunary-ai/lunary <1.5.5 - Info Disclosure

CVE-2024-10272 HIGH

lunary < 1.4.9 - Unauthenticated Dataset Content Exposure via /v1/datasets Endpoint

CVE-2024-12920 HIGH

FoodBakery | Delivery Restaurant Directory WordPress Theme <4.7 - I...

CVE-2024-13412 HIGH

CozyStay - Hotel Booking WordPress Theme <= 1.7.0 - Unauthenticated Arbitrary Action Execution via ajax_handler

CVE-2024-12922 CRITICAL

Altair theme <5.2.4 - Privilege Escalation

CVE-2024-12336 MEDIUM

WC Affiliate <= 2.5.3 - Authenticated Sensitive Data Exposure

CVE-2024-12810 HIGH

JobCareer | Job Board Responsive WordPress Theme <= 7.1 - Authenticated Missing Authorization

CVE-2024-13703 MEDIUM

CRM and Lead Management by vcita <= 2.7.5 - Authenticated Data Modification via vcita_ajax_toggle_ae()

CVE-2024-10326 MEDIUM

RomethemeKit For Elementor <= 1.5.3 - Authenticated Missing Authorization in save_options and reset_widgets Functions

CVE-2024-13816 MEDIUM

Aiomatic <= 2.3.6 - Authenticated Missing Authorization

CVE-2024-12876 CRITICAL

Golo - City Travel Guide WordPress Theme <= 1.6.10 - Unauthenticated Privilege Escalation via Password Update

CVE-2024-12611 MEDIUM

School Management System for Wordpress < 93.0.0 - Unauthenticated Reflected Cross-Site Scripting via Title Parameter

CVE-2024-12610 MEDIUM

School Management System for Wordpress <= 93.0.0 - Unauthenticated Arbitrary Post Deletion via Missing Capability Check

CVE-2024-13655 HIGH

Flex Mag - Responsive WordPress News Theme <3.5.2 - Privilege Escal...

CVE-2024-13526 MEDIUM

EventPrime - Events Calendar - Info Disclosure

CVE-2024-13423 MEDIUM

Sparkling < 2.4.9 - Unauthenticated Arbitrary Plugin Activation/Deactivation via Missing Capability Check

Previous Page 158 of 334 Next

Details

Vulnerabilities 8,345

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy