The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,394 vulnerabilities with CWE-862
CVE-2024-1124 (MEDIUM, CVSS 4.3): EventPrime - Events Calendar - Auth Bypass
CVE-2024-1123 (MEDIUM, CVSS 6.5): EventPrime - Events Calendar - Info Disclosure
CVE-2024-2298 (MEDIUM, CVSS 4.3): WordPress Affiliate Plugin <3.5.4 - Privilege Escalation
CVE-2024-1851 (MEDIUM, CVSS 6.3): affiliate-toolkit < 3.5.4 - Authenticated Missing Authorization in atkp_create_list()
CVE-2024-23230 (MEDIUM, CVSS 5.5): macOS < 12.7.4, < 13.6.5, < 14.4 - Unprotected User Data Exposure via File Handling Issue
CVE-2024-28230 (MEDIUM, CVSS 6.5): JetBrains YouTrack < 2024.1.25893 - Missing Authorization for Workflow Attachment/Detachment
CVE-2024-1170 (HIGH, CVSS 8.2): WordPress UGC <2.8.7 - Info Disclosure
CVE-2024-1169 (HIGH, CVSS 7.5): WordPress BuddyForms <2.8.7 - Unauth Media Upload
CVE-2024-28216 (MEDIUM, CVSS 5.4): nGrinder < 3.5.9 - Missing Authorization for Webhook Request Results
CVE-2024-28215 (HIGH, CVSS 7.5): nGrinder < 3.5.9 - Unauthenticated Webhook Configuration Manipulation
CVE-2024-2216 (HIGH, CVSS 8.8): Jenkins docker-build-step Plugin <2.11 - Privilege Escalation
CVE-2024-28159 (MEDIUM, CVSS 4.3): Jenkins Subversion Partial Release Manager Plugin <= 1.0.1 - Missing Authorization
CVE-2024-28155 (MEDIUM, CVSS 4.3): Jenkins AppSpider Plugin <= 1.0.16 - Missing Authorization in HTTP Endpoints
CVE-2024-1771 (MEDIUM, CVSS 4.3): Total < 2.1.60 - Authenticated Unauthorized Data Modification via total_order_sections()
CVE-2024-1381 (MEDIUM, CVSS 6.5): Page Builder Sandwich - Info Disclosure
CVE-2024-1285 (MEDIUM, CVSS 6.5): Page Builder Sandwich <= 5.1.0 - Authenticated Arbitrary Content Insertion
CVE-2024-1178 (MEDIUM, CVSS 5.3): SportsPress <= 2.7.17 - Unauthenticated Permalink Modification
CVE-2024-1095 (MEDIUM, CVSS 5.3): Build & Control Block Patterns - Boost up Gutenberg Editor <= 1.3.5.4 - Unauthenticated Settings Export
CVE-2024-1093 (MEDIUM, CVSS 5.3): Change Memory Limit <= 1.0 - Unauthenticated Data Modification via admin_logic Function
CVE-2024-20032 (MEDIUM, CVSS 6.7): Android - Missing Authorization in aee Leading to Local Privilege Escalation
CVE-2024-1120 (MEDIUM, CVSS 5.3): WooCommerce <2.17.0 - Info Disclosure
CVE-2024-27950 (MEDIUM, CVSS 5.4): Sirv CDN and Image Hosting Sirv <= 7.2.0 - Missing Authorization
CVE-2024-27906 (MEDIUM, CVSS 5.9): Apache Airflow <2.8.2 - Info Disclosure
CVE-2024-23493 (MEDIUM, CVSS 4.3): Mattermost < 8.1.9 and 9.4.0-9.4.1 - Missing Authorization for AD/LDAP Group Details
CVE-2024-1982 (MEDIUM, CVSS 6.5): WPvivid <0.9.68 - Unauth SQL Injection/DoS
Details
Vulnerabilities: 8,394
Exploit Likelihood: High