The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,368 vulnerabilities with CWE-862
CVE-2024-5570
MEDIUM
Simple Photoswipe < 0.1 - Authenticated Missing Authorization in Settings Update
CVSS 6.5
CVE-2024-5864
MEDIUM
Easy Affiliate Links <3.7.3 - Info Disclosure
CVSS 4.3
CVE-2024-5863
MEDIUM
Easy Image Collage <1.13.5 - Info Disclosure
CVSS 5.4
CVE-2024-6071
CRITICAL
PTC Creo Elements/Direct - Command Injection
CVSS 10.0
CVE-2024-22272
MEDIUM
VMware Cloud Director 10.4.x-10.5.x - Authenticated Denial of Service via Organization Disablement
CVSS 4.9
CVE-2024-5820
HIGH
stitionai devika - Unauthenticated Command Execution via WebSocket Connection
CVSS 8.8
CVE-2024-5710
MEDIUM
litellm < 1.40.15 - Unauthenticated Improper Access Control in Team Management Endpoints
CVSS 6.5
CVE-2024-2882
CRITICAL
SDG Technologies PnPSCADA - Unauthenticated RCE
CVE-2024-3115
MEDIUM
GitLab EE <16.11.5-17.1.1 - Info Disclosure
CVSS 4.3
CVE-2024-6303
CRITICAL
Conduit <=0.7.0 - Privilege Escalation
CVSS 9.9
CVE-2024-3249
MEDIUM
Zita Elementor Site Library <1.6.2 - Info Disclosure
CVSS 4.3
CVE-2024-37111
HIGH
WishList Member X < 3.26.7 - Unauthenticated Denial of Service
CVSS 7.5
CVE-2024-6120
MEDIUM
Sparkle Demo Importer <= 1.4.7 - Authenticated Database Reset and Demo Data Import via Missing Capability Check
CVSS 6.5
CVE-2024-3961
MEDIUM
ConvertKit <= 2.4.9 - Unauthenticated Data Modification via tag_subscriber
CVSS 5.3
CVE-2024-3610
MEDIUM
WP Child Theme Generator <= 1.1.1 - Unauthenticated Arbitrary Child Theme Creation
CVSS 5.3
CVE-2024-1955
MEDIUM
Hide Dashboard Notifications <1.4 - Info Disclosure
CVSS 4.3
CVE-2024-1639
MEDIUM
License Manager for WooCommerce <= 3.0.6 - Authenticated Arbitrary License Key Exposure via Missing Capability Check
CVSS 6.5
CVE-2024-3627
MEDIUM
Wheel of Life < 1.1.7 - Authenticated Arbitrary Post Deletion & Settings Modification
CVSS 5.4
CVE-2024-3602
MEDIUM
Promolayer Popup Builder <= 1.1.0 - Authenticated Plugin Settings Update via Missing Capability Check
CVSS 4.3
CVE-2024-34444
HIGH
ThemePunch OHG Slider Revolution <6.7.0 - Info Disclosure
CVSS 7.1
CVE-2024-5768
MEDIUM
MIMO Woocommerce Order Tracking <1.0.2 - Info Disclosure
CVSS 6.4
CVE-2024-4450
MEDIUM
AliExpress Dropshipping - Privilege Escalation
CVSS 6.3
CVE-2024-38506
MEDIUM
JetBrains YouTrack <2024.2.34646 - Privilege Escalation
CVSS 6.3
CVE-2024-38504
MEDIUM
JetBrains YouTrack <2024.2.34646 - Info Disclosure
CVSS 4.3
CVE-2024-5899
LOW
Bazel for IntelliJ CLion and Android Studio < 2024.06.04.0.2 - Missing Authorization for Project Import
CVSS 3.3
Details
Vulnerabilities: 8,368
Exploit Likelihood: High