The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,401 vulnerabilities with CWE-862
CVE-2023-5386
MEDIUM
Funnelforms Free <= 3.4 - Authenticated Arbitrary Post Deletion via Missing Capability Check
CVSS 6.5
CVE-2023-5385
MEDIUM
Funnelforms Free <= 3.4 - Authenticated Arbitrary Post Duplication via Missing Capability Check
CVSS 4.3
CVE-2023-5314
MEDIUM
WP EXtra <6.2 - Privilege Escalation
CVSS 4.3
CVE-2023-4686
MEDIUM
WP Customer Reviews <3.6.6 - Info Disclosure
CVSS 4.3
CVE-2023-2448
MEDIUM
UserPro < 5.1.4 - Unauthenticated Arbitrary Shortcode Execution via userpro_shortcode_template Function
CVSS 6.5
CVE-2023-47757
MEDIUM
AWeber Plugin <= 7.3.9 - Missing Authorization & CSRF
CVSS 4.3
CVE-2023-39544
HIGH
EXPRESSCLUSTER X 5.1 and earlier - Authenticated Remote Code Execution
CVSS 8.8
CVE-2023-48222
HIGH
Rundeck 4.12.0-4.17.2 - Authenticated Missing Authorization for Job Access
CVSS 8.1
CVE-2023-47112
MEDIUM
Rundeck 4.17.0-4.17.2 - Authenticated Missing Authorization for Job List Endpoints
CVSS 4.3
CVE-2023-6020
HIGH
Ray < 2.8.1 - Unauthenticated Local File Inclusion via Static Directory
CVSS 7.5
CVE-2023-6038
HIGH
h2o-3 3.40.0.4 - Unauthenticated Local File Inclusion via ImportFiles and ParseSetup Endpoints
CVSS 7.5
CVE-2023-4723
MEDIUM
Elementor Addon Elements <1.12.7 - Info Disclosure
CVSS 5.3
CVE-2023-6001
MEDIUM
YugabyteDB 2.0.0-2.18.3.0 - Unauthenticated Prometheus Metrics Exposure
CVSS 5.3
CVE-2023-5506
MEDIUM
ImageMapper < 1.2.6 - Authenticated Arbitrary Post Deletion via Missing Capability Check
CVSS 5.4
CVE-2023-43885
HIGH
Tenda RX9 Pro Firmware <22.03.02.20 - DoS
CVSS 8.1
CVE-2023-5454
HIGH
Templately < 2.2.6 - Unauthenticated Arbitrary Post Deletion via saved-templates/delete REST API
CVSS 7.5
CVE-2023-4700
LOW
GitLab 14.7-16.3.5, 16.4-16.4.1, 16.5 - Missing Authorization for Protected Environment Job Execution
CVSS 3.5
CVE-2023-36621
CRITICAL
Boomerang Parental Control <13.83 - Info Disclosure
CVSS 9.1
CVE-2023-46352
HIGH
PrestaShop facebookconversiontrackingplus <2.4.9 - Info Disclosure
CVSS 7.5
CVE-2023-43194
MEDIUM
Submitty <v22.06.00 - Info Disclosure
CVSS 5.3
CVE-2023-42655
MEDIUM
Android - Missing Authorization in SIM Service
CVSS 6.7
CVE-2023-42654
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in dm Service
CVSS 5.5
CVE-2023-42652
MEDIUM
Android - Missing Authorization in EngineerMode
CVSS 5.5
CVE-2023-42651
MEDIUM
Android - Unauthenticated Local Information Disclosure via Engineermode
CVSS 5.5
CVE-2023-42650
MEDIUM
Android - Unauthenticated Local Information Disclosure via Engineermode
CVSS 5.5
Details
Vulnerabilities: 8,401
Exploit Likelihood: High