The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,354 vulnerabilities with CWE-862
CVE-2024-43090 (MEDIUM, CVSS 5.0): Multiple Locations - Info Disclosure
CVE-2024-43089 (HIGH, CVSS 7.8): MediaProvider <updateInternal> - Privilege Escalation
CVE-2024-43088 (HIGH, CVSS 7.8): Android - Missing Authorization in AppInfoBase.java Permission Settings
CVE-2024-43087 (HIGH, CVSS 7.8): Android - Missing Authorization in AccessibilitySettings
CVE-2024-40671 (HIGH, CVSS 7.8): Devmem Server < - Privilege Escalation
CVE-2024-40661 (HIGH, CVSS 7.8): Android - Missing Authorization for Microphone Access in AdminRestrictedPermissionsUtils
CVE-2024-34719 (HIGH, CVSS 7.8): Android - Missing Authorization due to Missing Null Check
CVE-2024-8001 (MEDIUM, CVSS 5.3): VIWIS LMS 9.11 - Missing Authorization in Print Handler
CVE-2024-10800 (HIGH, CVSS 8.8): WordPress User Extra Fields <= 16.6 - Authenticated Privilege Escalation via ajax_save_fields()
CVE-2024-10575 (CRITICAL, CVSS 9.8): EcoStruxure IT Gateway - Missing Authorization
CVE-2024-10802 (MEDIUM, CVSS 5.3): Hash Elements <= 1.4.7 - Unauthenticated Draft Post Title Disclosure via hash_elements_get_posts_title_by_id()
CVE-2024-10531 (MEDIUM, CVSS 5.3): Kognetiks Chatbot for WordPress <= 2.1.7 - Authenticated Data Modification via update_assistant() Function
CVE-2024-10530 (MEDIUM, CVSS 4.3): Kognetiks Chatbot for WordPress <= 2.1.7 - Authenticated Unauthorized Data Modification via add_new_assistant()
CVE-2024-10529 (MEDIUM, CVSS 5.3): Kognetiks Chatbot for WordPress <= 2.1.7 - Authenticated Arbitrary Assistant Deletion via Missing Capability Check
CVE-2024-9578 (MEDIUM, CVSS 5.3): Hide Links <= 1.4.2 - Unauthenticated Arbitrary Shortcode Execution via Comment Text Filter
CVE-2024-10854 (MEDIUM, CVSS 4.3): WooCommerce < 2.2.9 - Authenticated Data Modification via buy_one_click_import_options
CVE-2024-10853 (MEDIUM, CVSS 4.3): Buy one click WooCommerce <= 2.2.9 - Authenticated Data Modification via removeorder AJAX Action
CVE-2024-10852 (MEDIUM, CVSS 4.3): Buy one click WooCommerce <2.2.9 - Info Disclosure
CVE-2024-10717 (MEDIUM, CVSS 6.5): Styler for Ninja Forms <= 3.3.4 - Authenticated Arbitrary Option Deletion and DoS via Missing Capability Check
CVE-2024-10629 (HIGH, CVSS 8.8): GPX Viewer <= 2.2.9 - Authenticated Arbitrary File Creation via gpxv_file_upload()
CVE-2024-8074 (CRITICAL): Nomysoft Informatics Nomysem <13.10.2024 - Info Disclosure
CVE-2024-11125 (MEDIUM, CVSS 4.3): GetSimpleCMS 3.3.16 - Cross-Site Request Forgery in Profile Management
CVE-2024-47587 (LOW, CVSS 3.5): Cash Operations - Privilege Escalation
CVE-2024-42372 (MEDIUM, CVSS 6.5): SAP NetWeaver AS Java - Info Disclosure
CVE-2024-10589 (CRITICAL, CVSS 9.8): Leopard - WordPress Offload Media <= 3.1.1 - Authenticated Privilege Escalation via Missing Capability Check
Details
Vulnerabilities: 8,354
Exploit Likelihood: High