CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-42678 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-42677 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-42676 MEDIUM
Android - Local Information Disclosure via Permission Usage Record Write
CVSS 5.5
CVE-2023-42675 MEDIUM
Android - Local Information Disclosure via Permission Usage Record Write
CVSS 5.5
CVE-2023-42674 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-42673 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-42672 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-42671 MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-47870 MEDIUM
wpForo Forum < 2.2.6 - Cross-Site Request Forgery leading to Forced User Logout
CVSS 5.7
CVE-2023-37890 MEDIUM
WPOmnia KB Support - WordPress Help Desk and Knowledge Base <= 1.5.88 - Missing Authorization
CVSS 4.3
CVE-2023-49620 MEDIUM
Apache DolphinScheduler < 3.1.0 - Authenticated Insecure Direct Object Reference in UDF Function Deletion
CVSS 6.5
CVE-2023-49674 MEDIUM
Jenkins NeuVector Vulnerability Scanner < 1.22 - Missing Authorization
CVSS 4.3
CVE-2023-49654 CRITICAL
Jenkins MATLAB Plugin < 2.11.1 - Unauthenticated XML File Parsing via Missing Permission Checks
CVSS 9.8
CVE-2023-49652 LOW
Jenkins Google Compute Engine Plugin < 4.3.17.1 - Missing Authorization for Credential Enumeration
CVSS 2.7
CVE-2023-5737 MEDIUM
Backup & Migration < 1.4.4 - Missing Authorization in AJAX Requests
CVSS 4.3
CVE-2023-5611 MEDIUM
Seraphinite Accelerator < 2.20.32 - Unauthenticated Settings Reset and Import
CVSS 5.3
CVE-2023-5525 MEDIUM
Limit Login Attempts Reloaded < 2.25.26 - Missing Authorization in toggle_auto_update AJAX Action
CVSS 4.3
CVE-2023-30581 HIGH
Node.js 16.0.0-16.20.1 - Authorization Bypass via __proto__ in process.mainModule
CVSS 7.5
CVE-2023-6007 HIGH
UserPro < 5.1.1 - Unauthenticated Missing Authorization
CVSS 7.3
CVE-2023-5419 MEDIUM
Funnelforms Free <= 3.4 - Authenticated Arbitrary Email Sending via fnsf_af2_test_mail Function
CVSS 4.3
CVE-2023-5417 MEDIUM
Funnelforms Free <= 3.4 - Authenticated Unauthorized Data Modification via fnsf_update_category Function
CVSS 4.3
CVE-2023-5416 MEDIUM
Funnelforms Free <= 3.4 - Authenticated Unauthorized Data Modification via fnsf_delete_category Function
CVSS 4.3
CVE-2023-5415 MEDIUM
Funnelforms Free <= 3.4 - Authenticated Unauthorized Data Modification via fnsf_add_category Function
CVSS 4.3
CVE-2023-5411 MEDIUM
Funnelforms Free <= 3.4 - Authenticated Unauthorized Data Modification via fnsf_af2_save_post Function
CVSS 4.3
CVE-2023-5387 MEDIUM
Funnelforms Free <= 3.4 - Authenticated Unauthorized Data Modification via fnsf_af2_trigger_dark_mode Function
CVSS 4.3
Details
Vulnerabilities 8,401
Exploit Likelihood High