CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,365 vulnerabilities with CWE-862
CVE-2024-9860 MEDIUM
Bridge Core <3.3 - Privilege Escalation
CVSS 5.4
CVE-2024-9707 CRITICAL
Hunk Companion <= 1.8.4 - Unauthenticated Arbitrary Plugin Installation and Activation via REST API
CVSS 9.8
CVE-2024-9587 MEDIUM
Linkz.ai <= 1.1.8 - Authenticated Unauthorized Data Modification via ajax_linkz Function
CVSS 5.4
CVE-2024-9586 MEDIUM
linkz.ai <= 1.1.8 - Unauthenticated Data Modification via Missing Capability Check
CVSS 6.5
CVE-2024-9234 CRITICAL
GutenKit < 2.1.0 - Unauthenticated Arbitrary File Upload via install-active-plugin Endpoint
CVSS 9.8
CVE-2024-48902 MEDIUM
JetBrains YouTrack < 2024.3.46677 - Unauthorized Application Deletion via API
CVSS 5.4
CVE-2024-9520 MEDIUM
UserPlus < 2.0 - Authenticated Missing Authorization in Admin AJAX Functions
CVSS 6.3
CVE-2024-9067 MEDIUM
Youzify < 1.3.0 - Authenticated Arbitrary Attachment Deletion via Missing Capability Check
CVSS 4.3
CVE-2024-9685 MEDIUM
Notification for Telegram <= 3.3.1 - Authenticated Unauthorized Test Message Sending via nftb_test_action
CVSS 4.3
CVE-2024-9065 MEDIUM
WP Helper Premium <= 4.6.1 - Unauthenticated Email Spoofing via Missing Authorization
CVSS 5.3
CVE-2024-8513 MEDIUM
WordPress QA Analytics - Unauth Info Disclosure
CVSS 5.3
CVE-2024-9671 MEDIUM
Red Hat 3scale API Management Platform 2 - Unauthenticated Information Disclosure via Invoice URL
CVSS 5.3
CVE-2024-42934 MEDIUM
OpenIPMI < 2.0.36 - Denial of Service via Out-of-Bounds Array Access in ipmi_sim
CVSS 5.0
CVE-2024-38179 HIGH
Azure Stack HCI - Privilege Escalation
CVSS 8.8
CVE-2024-8431 MEDIUM
Rbs Image Gallery plugin <3.2.21 - Info Disclosure
CVSS 4.3
CVE-2024-9161 MEDIUM
Rank Math SEO < 1.0.228 - Unauthenticated Metadata Modification and Deletion via Missing Capability Check
CVSS 6.5
CVE-2024-47768 HIGH
Lif Authentication Server <1.7.3 - Info Disclosure
CVSS 8.1
CVE-2024-47790 HIGH
D3D Security IP Camera D8801 - Info Disclosure
CVE-2024-20477 MEDIUM
Cisco Nexus Dashboard <3.2(1e) & Fabric Controller 12.0.0-12.2.1 Authenticated Arbitrary File Upload/Deletion
CVSS 5.4
CVE-2024-20442 MEDIUM
Cisco Nexus Dashboard - Privilege Escalation
CVSS 5.4
CVE-2024-20438 MEDIUM
Cisco Nexus Dashboard <3.2(1e) & Fabric Controller 12.0.0-12.2.2 - Authenticated Arbitrary File Read/Write via REST API
CVSS 6.3
CVE-2024-8430 MEDIUM
Spice Starter Sites <1.2.5 - Info Disclosure
CVSS 5.3
CVE-2024-8675 MEDIUM
Soumettre.fr <2.1.2 - Info Disclosure
CVSS 4.3
CVE-2024-8632 MEDIUM
WordPress KB Support Plugin <= 1.6.6 - Unauthenticated Data Access/Modification
CVSS 6.5
CVE-2024-8548 HIGH
KB Support - WordPress Help Desk - Privilege Escalation
CVSS 8.1