The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,365 vulnerabilities with CWE-862
CVE-2024-40652
HIGH
Android - Local Privilege Escalation via Settings Homepage Activity
CVSS 7.8
CVE-2024-40650
HIGH
Android - Missing Authorization Leading to Factory Reset Protection Bypass
CVSS 7.8
CVE-2024-45591
MEDIUM
XWiki 1.8-15.10.8 - Unauthenticated Exposure of Private Personal Information via REST API
CVSS 5.3
CVE-2024-45393
MEDIUM
Computer Vision Annotation Tool 2.3.0-2.17.9 - Missing Authorization for Webhook Delivery Information
CVSS 6.4
CVE-2024-8369
MEDIUM
EventPrime - Events Calendar - Info Disclosure
CVSS 5.3
CVE-2024-45285
MEDIUM
SAP NetWeaver ABAP RFC Module - User Denial of Service
CVSS 5.4
CVE-2024-45284
LOW
SAP Student Life Cycle Management - Authenticated Privilege Escalation via Unrestricted SLCM Transaction Functions
CVSS 2.4
CVE-2024-44117
MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Missing Authorization in RFC Function Module
CVSS 5.4
CVE-2024-45286
MEDIUM
SAP Production and Revenue Accounting - Info Disclosure
CVSS 6.5
CVE-2024-44112
MEDIUM
SAP for Oil & Gas (Transportation and Distribution) - Authenticated Missing Authorization Check
CVSS 4.3
CVE-2024-41728
LOW
SAP NetWeaver Application Server ABAP - Missing Authorization Check for Package Object Access
CVSS 2.7
CVE-2024-44116
MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Missing Authorization in RFC Function Module
CVSS 4.3
CVE-2024-44115
MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Missing Authorization in RFC Function Module
CVSS 4.3
CVE-2024-44113
MEDIUM
SAP Business Warehouse - Info Disclosure
CVSS 4.3
CVE-2024-42380
MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Missing Authorization in RFC Function Module
CVSS 4.3
CVE-2024-42371
MEDIUM
SAP NetWeaver Application Server for ABAP and ABAP Platform - Missing Authorization in RFC Function Module
CVSS 5.4
CVE-2024-41729
MEDIUM
SAP NetWeaver BW (BEx Analyzer) - Authenticated Information Disclosure via Missing Authorization Checks
CVSS 4.3
CVE-2024-8042
LOW
Rapid7 Insight Platform - Info Disclosure
CVSS 2.4
CVE-2024-40709
HIGH
Unknown Product <Version> - Privilege Escalation
CVSS 7.8
CVE-2024-44408
HIGH
D-Link DIR-823G v1.0.2B05_20181207 - Unauthenticated Information Disclosure via Configuration File Download
CVSS 7.5
CVE-2024-7622
MEDIUM
Revision Manager TMC <= 2.8.19 - Authenticated Arbitrary Email Sending via _a_ajaxQuickEmailTestCallback
CVSS 4.3
CVE-2024-1744
HIGH
Accord ORS < 7.3.2.1 - Authorization Bypass and Sensitive Data Exposure
CVSS 7.5
CVE-2024-8427
MEDIUM
Frontend Post Submission Manager Lite - Info Disclosure
CVSS 4.3
CVE-2024-8480
HIGH
Sirv plugin <7.2.7 - Info Disclosure
CVSS 8.8
CVE-2024-44082
MEDIUM
OpenStack Ironic <21.4.3, >=22.0.0 <23.0.2, >=23.1.0 <24.1.2, >=25....
CVSS 4.3
Details
Vulnerabilities: 8,365
Exploit Likelihood: High