The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,394 vulnerabilities with CWE-862
CVE-2024-23752
CRITICAL
PandasAI through 1.5.17 - Unauthenticated Remote Code Execution via GenerateSDFPipeline
CVSS 9.8
CVE-2024-0679
MEDIUM
ColorMag <3.1.2 - Privilege Escalation
CVSS 6.5
CVE-2024-0238
MEDIUM
EventON < 2.2.8 - Unauthenticated Arbitrary Post Metadata Update via AJAX Action
CVSS 6.1
CVE-2024-0237
MEDIUM
EventON WordPress Plugin < 2.2.7 - Unauthenticated Missing Authorization in AJAX Actions
CVSS 5.3
CVE-2024-0236
MEDIUM
EventON WordPress Plugin < 2.2.7 - Unauthenticated Information Disclosure via AJAX Action
CVSS 5.3
CVE-2024-0235
MEDIUM
EventON WordPress Plugin < 2.2.7 - Unauthenticated Email Address Disclosure via AJAX Action
CVSS 5.3
CVE-2024-0570
HIGH
Totolink N350RT 9.3.5u.6265 - Improper Access Controls
CVSS 7.3
CVE-2024-0569
MEDIUM
Totolink T8 4.1.5cu.833 - Info Disclosure
CVSS 4.3
CVE-2024-0201
MEDIUM
Product Expiry for WooCommerce <= 2.5 - Authenticated Unauthorized Settings Modification via Missing Capability Check
CVSS 5.4
CVE-2023-32959
MEDIUM
WordPress MetroStore theme <= 1.3.2 - Broken Access Control
CVSS 4.3
CVE-2023-25969
MEDIUM
WordPress Contact Form & Lead Form Elementor Builder plugin <= 1.8.4 - Broken Access Control vulnerability
CVSS 5.4
CVE-2023-54327
CRITICAL
Tinycontrol LAN Controller < 1.58a - Unauthenticated Authentication Bypass via /stm.cgi Endpoint
CVSS 9.8
CVE-2023-41656
MEDIUM
wpdive Better Elementor Addons <1.3.7 - Info Disclosure
CVSS 5.4
CVE-2023-40679
MEDIUM
Jewel Theme Master Addons <2.0.5.3 - Info Disclosure
CVSS 6.5
CVE-2023-28619
MEDIUM
bnayawpguy Resoto <1.0.8 - Info Disclosure
CVSS 4.3
CVE-2023-25446
HIGH
HappyFiles Pro < 1.8.1 - Missing Authorization
CVSS 7.7
CVE-2023-25445
MEDIUM
HappyFiles Pro < 1.8.1 - Missing Authorization
CVSS 5.4
CVE-2023-25068
MEDIUM
Mapro Collins Magazine Edge - Info Disclosure
CVSS 4.3
CVE-2023-53923
CRITICAL
UliCMS 2023.1 - Privilege Escalation
CVSS 9.8
CVE-2023-53740
CRITICAL
Screen SFT DAB Series 1.9.3 - Unauthenticated Authentication Bypass via userManager.cgx Endpoint
CVSS 9.8
CVE-2023-23729
MEDIUM
Brainstorm Force Spectra - Info Disclosure
CVSS 5.4
CVE-2023-7317
HIGH
Nagios XI < 2024R1 - Missing Authorization in Web SSH Terminal
CVSS 8.8
CVE-2023-7306
HIGH
WordPress Frontend File Manager Plugin <21.5 - Info Disclosure
CVSS 7.5
CVE-2023-5600
LOW
GitLab 16.0.0-16.3.5, 16.4.0-16.4.1, 16.5.0 - Missing Authorization for Service-Desk Custom Email Template
CVSS 3.1
CVE-2023-26002
MEDIUM
6Storage Rentals <2.19.5 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities: 8,394
Exploit Likelihood: High