The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,365 vulnerabilities with CWE-862
CVE-2024-9860
MEDIUM
Bridge Core <3.3 - Privilege Escalation
CVSS 5.4
CVE-2024-9707
CRITICAL
Hunk Companion <= 1.8.4 - Unauthenticated Arbitrary Plugin Installation and Activation via REST API
CVSS 9.8
CVE-2024-9587
MEDIUM
Linkz.ai <= 1.1.8 - Authenticated Unauthorized Data Modification via ajax_linkz Function
CVSS 5.4
CVE-2024-9586
MEDIUM
linkz.ai <= 1.1.8 - Unauthenticated Data Modification via Missing Capability Check
CVSS 6.5
CVE-2024-9234
CRITICAL
GutenKit < 2.1.0 - Unauthenticated Arbitrary File Upload via install-active-plugin Endpoint
CVSS 9.8
CVE-2024-48902
MEDIUM
JetBrains YouTrack < 2024.3.46677 - Unauthorized Application Deletion via API
CVSS 5.4
CVE-2024-9520
MEDIUM
UserPlus < 2.0 - Authenticated Missing Authorization in Admin AJAX Functions
CVSS 6.3
CVE-2024-9067
MEDIUM
Youzify < 1.3.0 - Authenticated Arbitrary Attachment Deletion via Missing Capability Check
CVSS 4.3
CVE-2024-9685
MEDIUM
Notification for Telegram <= 3.3.1 - Authenticated Unauthorized Test Message Sending via nftb_test_action
CVSS 4.3
CVE-2024-9065
MEDIUM
WP Helper Premium <= 4.6.1 - Unauthenticated Email Spoofing via Missing Authorization
CVSS 5.3
CVE-2024-8513
MEDIUM
WordPress QA Analytics - Unauth Info Disclosure
CVSS 5.3
CVE-2024-9671
MEDIUM
Red Hat 3scale API Management Platform 2 - Unauthenticated Information Disclosure via Invoice URL
CVSS 5.3
CVE-2024-42934
MEDIUM
OpenIPMI < 2.0.36 - Denial of Service via Out-of-Bounds Array Access in ipmi_sim
CVSS 5.0
CVE-2024-38179
HIGH
Azure Stack HCI - Privilege Escalation
CVSS 8.8
CVE-2024-8431
MEDIUM
Rbs Image Gallery plugin <3.2.21 - Info Disclosure
CVSS 4.3
CVE-2024-9161
MEDIUM
Rank Math SEO < 1.0.228 - Unauthenticated Metadata Modification and Deletion via Missing Capability Check
CVSS 6.5
CVE-2024-47768
HIGH
Lif Authentication Server <1.7.3 - Info Disclosure
CVSS 8.1
CVE-2024-47790
HIGH
D3D Security IP Camera D8801 - Info Disclosure
CVE-2024-20477
MEDIUM
Cisco Nexus Dashboard <3.2(1e) & Fabric Controller 12.0.0-12.2.1 - Authenticated Arbitrary File Upload/Deletion
CVSS 5.4
CVE-2024-20442
MEDIUM
Cisco Nexus Dashboard - Privilege Escalation
CVSS 5.4
CVE-2024-20438
MEDIUM
Cisco Nexus Dashboard <3.2(1e) & Fabric Controller 12.0.0-12.2.2 - Authenticated Arbitrary File Read/Write via REST API
CVSS 6.3
CVE-2024-8430
MEDIUM
Spice Starter Sites <1.2.5 - Info Disclosure
CVSS 5.3
CVE-2024-8675
MEDIUM
Soumettre.fr <2.1.2 - Info Disclosure
CVSS 4.3
CVE-2024-8632
MEDIUM
WordPress KB Support Plugin <= 1.6.6 - Unauthenticated Data Access/Modification
CVSS 6.5
CVE-2024-8548
HIGH
KB Support - WordPress Help Desk - Privilege Escalation
CVSS 8.1
Details
Vulnerabilities: 8,365
Exploit Likelihood: High