The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,401 vulnerabilities with CWE-862
CVE-2023-21340
MEDIUM
Android < 14.0 - Unauthenticated Local Information Disclosure via Telecomm Call State
CVSS 5.5
CVE-2023-21329
MEDIUM
Android < 14.0 - Unauthenticated Local Information Disclosure via Activity Manager
CVSS 5.5
CVE-2023-21328
HIGH
Android < 14.0 - Missing Authorization in Package Installer
CVSS 7.8
CVE-2023-21321
MEDIUM
Android < 14.0 - Unauthenticated Cross-User Settings Disclosure via Package Manager
CVSS 5.5
CVE-2023-21313
HIGH
Android < 14.0 - Unauthenticated Local Privilege Escalation via Call Forwarding
CVSS 7.8
CVE-2023-21294
MEDIUM
Android < 14.0 - Unauthenticated Installed Package Information Disclosure via Slice
CVSS 5.5
CVE-2023-5251
MEDIUM
Grid Plus < 1.3.2 - Authenticated Arbitrary Grid Layout Modification via Missing Capability Check
CVSS 5.4
CVE-2023-5426
HIGH
Post Meta Data Manager <1.2.0 - Info Disclosure
CVSS 7.5
CVE-2023-5425
HIGH
Post Meta Data Manager <1.2.0 - Privilege Escalation
CVSS 8.8
CVE-2023-30969
HIGH
Palantir Tiles < 4.326.0 - Unauthenticated Improper Access Control
CVSS 8.2
CVE-2023-5311
HIGH
WP EXtra < 6.3 - Authenticated .htaccess Modification and Remote Code Execution via register() Function
CVSS 8.8
CVE-2023-4606
HIGH
Lenovo ThinkAgile HX Series Firmware - Authenticated Missing Authorization via Crafted API Command
CVSS 8.1
CVE-2023-46652
MEDIUM
Jenkins lambdatest-automation <1.20.9 - Info Disclosure
CVSS 4.3
CVE-2023-43488
HIGH
System Property - Privilege Escalation
CVSS 7.9
CVE-2023-37910
HIGH
XWiki 14.0-14.4.7 - Missing Authorization for Attachment Move
CVSS 8.1
CVE-2023-5132
HIGH
Soisy Pagamento Rateale <6.0.1 - Info Disclosure
CVSS 7.5
CVE-2023-5533
MEDIUM
WPBot AI ChatBot <=4.8.9/4.9.2 - Unauthenticated Authorization Bypass via AJAX
CVSS 5.3
CVE-2023-4941
MEDIUM
BEAR - Bulk Editor and Products Manager Professional for WooCommerce <= 1.1.3.3 - Authenticated Missing Authorization
CVSS 4.3
CVE-2023-4668
MEDIUM
Ad Inserter < 2.7.31 - Unauthenticated Sensitive Information Exposure via ai-debug-processing-fe URL Parameter
CVSS 5.3
CVE-2023-3998
MEDIUM
wpDiscuz <= 7.6.3 - Unauthenticated Data Modification via userRate Function
CVSS 5.3
CVE-2023-3869
MEDIUM
wpDiscuz <= 7.6.3 - Unauthenticated Comment Rating Manipulation via voteOnComment Function
CVSS 5.3
CVE-2023-4947
MEDIUM
WooCommerce EAN Payment Gateway < 6.1.0 - Authenticated Data Modification via refresh_order_ean_data AJAX Action
CVSS 4.3
CVE-2023-4943
MEDIUM
BEAR - Bulk Editor and Products Manager Professional for WooCommerce <= 1.1.3.3 - Missing Authorization
CVSS 4.3
CVE-2023-27792
HIGH
Ixpdata Easyinstall - Missing Authorization
CVSS 7.8
CVE-2023-4645
MEDIUM
Ad Inserter for WordPress <2.7.30 - Info Disclosure
CVSS 5.3
Details
Vulnerabilities
8,401
Exploit Likelihood
High