The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,361 vulnerabilities with CWE-862
CVE-2024-49293
MEDIUM
RexTheme WP VR <= 8.5.4 - Missing Authorization
CVSS 4.3
CVE-2024-49273
MEDIUM
ProfileGrid <= 5.9.3 - Missing Authorization
CVSS 4.3
CVE-2024-49325
MEDIUM
wpdiscover Photo Gallery Builder < 3.0 - Missing Authorization to Notice Dismissal
CVSS 4.3
CVE-2024-10078
MEDIUM
WP Easy Post Types <1.4.4 - Privilege Escalation
CVSS 6.3
CVE-2024-9364
MEDIUM
SendGrid for WordPress <= 1.4 - Authenticated Log Deletion via Missing Capability Check
CVSS 4.3
CVE-2024-9361
MEDIUM
Bulk Images Optimizer <= 2.0.1 - Authenticated Arbitrary Plugin Option Modification
CVSS 4.3
CVE-2024-20463
MEDIUM
Cisco ATA 190 Series - Unauthenticated RCE
CVSS 5.4
CVE-2024-45461
MEDIUM
Apache CloudStack <4.18.2.3 & <4.19.1.1 - Privilege Escalation
CVSS 5.7
CVE-2024-9891
MEDIUM
Contact Form 7 <2.8.1 - Privilege Escalation
CVSS 4.3
CVE-2024-38190
HIGH
Power Platform - Unauthenticated Sensitive Information Exposure via Network Attack
CVSS 8.6
CVE-2024-21254
HIGH
Oracle BI Publisher 7.0.0.0.0, 7.6.0.0.0, 12.2.1.4.0 - Missing Authorization via Web Server
CVSS 8.8
CVE-2024-21252
HIGH
Oracle Product Hub 12.2.3-12.2.13 - Missing Authorization in Item Catalog
CVSS 8.1
CVE-2024-21250
HIGH
Oracle Process Manufacturing 12.2.13-12.2.14 Missing Authorization in Quality Manager
CVSS 8.1
CVE-2024-21246
HIGH
Oracle Service Bus 12.2.1.4.0 - Unauthenticated Missing Authorization via HTTP
CVSS 7.5
CVE-2024-21234
HIGH
Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Missing Authorization via T3, IIOP
CVSS 7.5
CVE-2024-21216
CRITICAL
Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Remote Code Execution via T3, IIOP
CVSS 9.8
CVE-2024-21215
HIGH
Oracle WebLogic Server 12.2.1.4.0 and 14.1.1.0.0 - Unauthenticated Denial of Service via HTTP
CVSS 7.5
CVE-2024-45732
HIGH
Splunk Enterprise < 9.3.1, 9.2.0-9.2.3 & Splunk Cloud Platform < 9.2.2403.103 - Missing Authorization
CVSS 7.1
CVE-2024-9756
MEDIUM
Order Attachments for WooCommerce 2.0-2.4.1 - Authenticated Arbitrary File Upload via wcoa_add_attachment AJAX Action
CVSS 4.3
CVE-2024-9824
MEDIUM
ImagePress - Image Gallery <1.2.2 - Privilege Escalation
CVSS 4.3
CVE-2024-9187
MEDIUM
Read more By Adam <1.1.8 - Info Disclosure
CVSS 4.3
CVE-2024-9860
MEDIUM
Bridge Core <3.3 - Privilege Escalation
CVSS 5.4
CVE-2024-9707
CRITICAL
Hunk Companion <= 1.8.4 - Unauthenticated Arbitrary Plugin Installation and Activation via REST API
CVSS 9.8
CVE-2024-9587
MEDIUM
Linkz.ai <= 1.1.8 - Authenticated Unauthorized Data Modification via ajax_linkz Function
CVSS 5.4
CVE-2024-9586
MEDIUM
linkz.ai <= 1.1.8 - Unauthenticated Data Modification via Missing Capability Check
CVSS 6.5
Details
Vulnerabilities
8,361
Exploit Likelihood
High