The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,401 vulnerabilities with CWE-862
CVE-2023-5949
HIGH
SmartCrawl < 3.8.3 - Unauthenticated Access to Password-Protected Posts
CVSS 7.5
CVE-2023-5056
MEDIUM
Red Hat Service Interconnect - Authenticated Information Disclosure via Skupper Operator
CVSS 6.8
CVE-2023-50976
CRITICAL
redpanda < 23.1.21 and 23.2.x < 23.2.18 - Missing Authorization in Transactions API
CVSS 9.8
CVE-2023-5061
MEDIUM
GitLab <16.4.4-16.6.2 - Info Disclosure
CVSS 4.3
CVE-2023-48375
HIGH
SmartStar Software CWS - Authenticated Privilege Escalation via Missing Authorization
CVSS 8.8
CVE-2023-48676
HIGH
Acronis Cyber Protect Cloud Agent <36943 - Info Disclosure
CVSS 7.1
CVE-2023-50779
MEDIUM
Jenkins PaaSLane Estimate Plugin < 1.0.4 - Missing Authorization
CVSS 4.3
CVE-2023-50769
MEDIUM
Jenkins Nexus Platform Plugin < 3.18.0-03 - Missing Authorization
CVSS 4.3
CVE-2023-50767
MEDIUM
Jenkins Nexus Platform Plugin < 3.18.0-03 - Server-Side Request Forgery via XML Response Parsing
CVSS 5.4
CVE-2023-50765
MEDIUM
Jenkins Scriptler Plugin < 342.v6a_89fd40f466 - Unauthorized Groovy Script Content Read via Script ID
CVSS 4.3
CVE-2023-47573
HIGH
Relyum RELY-PCIe 22.2.1 - Missing Authorization in Web Interface
CVSS 8.8
CVE-2023-48417
CRITICAL
KeyChainActivity App - Privilege Escalation
CVSS 9.8
CVE-2023-6394
HIGH
Quarkus < 3.6.0 - Missing Authorization via WebSocket GraphQL Request
CVSS 7.4
CVE-2023-48402
HIGH
Android - Missing Authorization in ppcfw_enable
CVSS 7.8
CVE-2023-39167
HIGH
SENEC Storage Box - Info Disclosure
CVSS 7.5
CVE-2023-5714
MEDIUM
System Dashboard < 2.8.7 - Authenticated Unauthorized Data Access via sd_db_specs() AJAX Action
CVSS 4.3
CVE-2023-5713
MEDIUM
System Dashboard < 2.8.7 - Authenticated Unauthorized Data Access via sd_option_value()
CVSS 4.3
CVE-2023-5712
MEDIUM
System Dashboard < 2.8.7 - Authenticated Unauthorized Data Access via sd_global_value AJAX Action
CVSS 4.3
CVE-2023-5711
MEDIUM
System Dashboard <= 2.8.7 - Authenticated Sensitive Information Exposure via sd_php_info AJAX Action
CVSS 4.3
CVE-2023-5710
MEDIUM
System Dashboard < 2.8.7 - Authenticated Sensitive Information Exposure via sd_constants AJAX Action
CVSS 4.3
CVE-2023-46354
HIGH
MyPrestaModules <5.2.0 - Info Disclosure
CVSS 7.5
CVE-2023-44113
HIGH
Designed for Reliability - Info Disclosure
CVSS 7.5
CVE-2023-40094
HIGH
Android - Lock Screen Bypass via Missing Permission Check in ActivityTaskManagerService
CVSS 7.8
CVE-2023-40089
HIGH
Android - Missing Authorization in DevicePolicyManagerService Credential Manager Selection
CVSS 7.8
CVE-2023-32855
MEDIUM
Yocto - Missing Authorization Leading to Privilege Escalation
CVSS 6.7
Details
Vulnerabilities: 8,401
Exploit Likelihood: High