CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-49980 HIGH
Best Student Result Management System 1.0 - Unauthenticated Directory Listing
CVSS 7.5
CVE-2023-49979 HIGH
Customer Support System <v1 - Info Disclosure
CVSS 7.5
CVE-2023-52229 MEDIUM
Pdfcrowd Word Replacer Pro <1.0 - Info Disclosure
CVSS 6.5
CVE-2023-6821 MEDIUM
Error Log Viewer by BestWebSoft < 1.1.3 - Unauthenticated Directory Listing
CVSS 6.5
CVE-2023-50898 MEDIUM
sirv < 7.1.2 - Missing Authorization
CVSS 5.4
CVE-2023-6785 MEDIUM
Download Manager <= 3.2.84 - Unauthenticated Arbitrary File Download
CVSS 5.3
CVE-2023-4728 MEDIUM
LadiApp < 4.4 - Authenticated Stored Cross-Site Scripting via LadiPage Key Modification
CVSS 4.3
CVE-2023-4627 MEDIUM
LadiApp WordPress <4.4 - Info Disclosure
CVSS 4.3
CVE-2023-47874 MEDIUM
Perfmatters < 2.1.6 - Missing Authorization
CVSS 5.4
CVE-2023-51692 MEDIUM
CusRev Customer Reviews for WooCommerce <5.38.1 - Info Disclosure
CVSS 4.3
CVE-2023-4895 MEDIUM
GitLab 12.0-16.7.6 16.8-16.8.2 16.9-16.9.0 - Missing Authorization for Environment Details
CVSS 4.3
CVE-2023-40113 MEDIUM
Android - Missing Authorization Leading to Cross-User Message Data Access
CVSS 5.5
CVE-2023-40105 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in ActivityManagerService
CVSS 5.5
CVE-2023-26562 MEDIUM
Zimbra Collaboration <8.8.15-9.0 - Info Disclosure
CVSS 6.5
CVE-2023-6840 MEDIUM
GitLab 16.4-16.6.6, 16.7-16.7.4, 16.8-16.8.1 - Authenticated Protected Branch Rename Bypass
CVSS 6.7
CVE-2023-6985 MEDIUM
10Web AI Assistant < 1.0.18 - Authenticated Arbitrary Plugin Installation via Missing Capability Check
CVSS 6.5
CVE-2023-6959 MEDIUM
Getwid - Gutenberg Blocks <= 2.0.3 - Authenticated Unauthorized Data Modification via recaptcha_api_key_manage
CVSS 4.3
CVE-2023-6700 HIGH
Free GDPR Consent Solution <= 2.0.22 - Authenticated Arbitrary Option Update
CVSS 8.8
CVE-2023-6557 MEDIUM
The Events Calendar <6.2.8.2 - Info Disclosure
CVSS 5.3
CVE-2023-4637 MEDIUM
WPvivid Backup, Migration & Staging <= 0.9.94 - Unauthenticated Sensitive Data Exposure via Restore Function
CVSS 4.3
CVE-2023-47148 MEDIUM
IBM Spectrum Protect Plus 10.1.0-10.1.15.2 - Sensitive Information Exposure via Unsecured Endpoints
CVSS 5.3
CVE-2023-22836 LOW
Guardian < 2.278.0 - Unauthorized Data Exposure via Group Name Change
CVSS 3.5
CVE-2023-1705 HIGH
Forcepoint F|One SmartEdge Agent <1.7.0.230330-554 - Privilege Esca...
CVSS 8.4
CVE-2023-6279 HIGH
Woostify Sites Library <1.4.8 - DoS
CVSS 7.1
CVE-2023-5612 MEDIUM
GitLab < 16.6.6, 16.7 < 16.7.4, 16.8 < 16.8.1 - Unauthorized User Email Exposure via Tags Feed
CVSS 5.3