The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,401 vulnerabilities with CWE-862
CVE-2023-42678
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-42677
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-42676
MEDIUM
Android - Local Information Disclosure via Permission Usage Record Write
CVSS 5.5
CVE-2023-42675
MEDIUM
Android - Local Information Disclosure via Permission Usage Record Write
CVSS 5.5
CVE-2023-42674
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-42673
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-42672
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-42671
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in imsservice
CVSS 5.5
CVE-2023-47870
MEDIUM
wpForo Forum < 2.2.6 - Cross-Site Request Forgery leading to Forced User Logout
CVSS 5.7
CVE-2023-37890
MEDIUM
WPOmnia KB Support - WordPress Help Desk and Knowledge Base <= 1.5.88 - Missing Authorization
CVSS 4.3
CVE-2023-49620
MEDIUM
Apache DolphinScheduler < 3.1.0 - Authenticated Insecure Direct Object Reference in UDF Function Deletion
CVSS 6.5
CVE-2023-49674
MEDIUM
Jenkins NeuVector Vulnerability Scanner < 1.22 - Missing Authorization
CVSS 4.3
CVE-2023-49654
CRITICAL
Jenkins MATLAB Plugin < 2.11.1 - Unauthenticated XML File Parsing via Missing Permission Checks
CVSS 9.8
CVE-2023-49652
LOW
Jenkins Google Compute Engine Plugin < 4.3.17.1 - Missing Authorization for Credential Enumeration
CVSS 2.7
CVE-2023-5737
MEDIUM
Backup & Migration < 1.4.4 - Missing Authorization in AJAX Requests
CVSS 4.3
CVE-2023-5611
MEDIUM
Seraphinite Accelerator < 2.20.32 - Unauthenticated Settings Reset and Import
CVSS 5.3
CVE-2023-5525
MEDIUM
Limit Login Attempts Reloaded < 2.25.26 - Missing Authorization in toggle_auto_update AJAX Action
CVSS 4.3
CVE-2023-30581
HIGH
Node.js 16.0.0-16.20.1 - Authorization Bypass via __proto__ in process.mainModule
CVSS 7.5
CVE-2023-6007
HIGH
UserPro < 5.1.1 - Unauthenticated Missing Authorization
CVSS 7.3
CVE-2023-5419
MEDIUM
Funnelforms Free <= 3.4 - Authenticated Arbitrary Email Sending via fnsf_af2_test_mail Function
CVSS 4.3
CVE-2023-5417
MEDIUM
Funnelforms Free <= 3.4 - Authenticated Unauthorized Data Modification via fnsf_update_category Function
CVSS 4.3
CVE-2023-5416
MEDIUM
Funnelforms Free <= 3.4 - Authenticated Unauthorized Data Modification via fnsf_delete_category Function
CVSS 4.3
CVE-2023-5415
MEDIUM
Funnelforms Free <= 3.4 - Authenticated Unauthorized Data Modification via fnsf_add_category Function
CVSS 4.3
CVE-2023-5411
MEDIUM
Funnelforms Free <= 3.4 - Authenticated Unauthorized Data Modification via fnsf_af2_save_post Function
CVSS 4.3
CVE-2023-5387
MEDIUM
Funnelforms Free <= 3.4 - Authenticated Unauthorized Data Modification via fnsf_af2_trigger_dark_mode Function
CVSS 4.3
Details
Vulnerabilities
8,401
Exploit Likelihood
High