CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,401 vulnerabilities with CWE-862
CVE-2023-1169 MEDIUM
OoohBoi Steroids for Elementor <2.1.4 - Auth Bypass
CVSS 4.3
CVE-2023-0993 MEDIUM
Shield Security < 17.0.17 - Authenticated Missing Authorization via theme-plugin-file AJAX Action
CVSS 4.3
CVE-2023-0291 HIGH
Quiz And Survey Master <8.0.8 - Auth Bypass
CVSS 7.2
CVE-2023-34234 MEDIUM
OpenZeppelin Contracts 4.3.0-4.9.0 - Missing Authorization in Governor Proposal Creation
CVSS 5.3
CVE-2023-3126 MEDIUM
B2BKing < 4.6.00 - Authenticated Unauthorized Data Access via b2bkingdownloadpricelist Function
CVSS 4.3
CVE-2023-3125 MEDIUM
B2BKing < 4.6.00 - Authenticated Arbitrary Product Price Modification via Missing Capability Check
CVSS 6.5
CVE-2023-3124 HIGH
Elementor Pro <3.11.6 - Privilege Escalation
CVSS 8.8
CVE-2023-33477 MEDIUM
Harmonic NSG 9000-6G - Info Disclosure
CVSS 6.5
CVE-2023-2183 MEDIUM
Grafana 8.0.0-8.5.25 - Unauthenticated Test Alert Abuse via API
CVSS 4.1
CVE-2023-30948 MEDIUM
Foundry Comments <2.249.0 - Info Disclosure
CVSS 6.5
CVE-2023-30915 MEDIUM
Android - Missing Authorization in Email Service
CVSS 5.5
CVE-2023-30914 MEDIUM
Android - Missing Authorization Leading to Local Information Disclosure
CVSS 5.5
CVE-2023-30866 MEDIUM
Android - Local Information Disclosure via Telephony Service Missing Permission Check
CVSS 5.5
CVE-2023-30865 MEDIUM
Android - Local Information Disclosure via Dialer Service Missing Permission Check
CVSS 5.5
CVE-2023-30864 HIGH
Android - Missing Authorization in Connectivity Service
CVSS 7.8
CVE-2023-30863 HIGH
Android - Missing Authorization in Connectivity Service
CVSS 7.8
CVE-2023-33970 MEDIUM
Kanboard < 1.2.30 - Authenticated Information Disclosure via Task and Project Title Leak
CVSS 5.4
CVE-2023-33968 MEDIUM
Kanboard <1.2.30 - Privilege Escalation
CVSS 5.4
CVE-2023-2415 MEDIUM
WordPress vcita <= 4.2.10 - Authenticated DoS via vcita_logout_callback
CVSS 5.4
CVE-2023-2299 MEDIUM
vcita WordPress Plugin <=4.4.2 - Unauthenticated Data Modification via /wp-json Endpoint
CVSS 5.3
CVE-2023-3053 MEDIUM
WordPress Page Builder by AZEXO <1.27.133 - Privilege Escalation
CVSS 5.4
CVE-2023-28657 HIGH
CONPROSYS HMI System <3.5.3 - Privilege Escalation
CVSS 8.8
CVE-2023-2434 LOW
Nested Pages <= 3.2.3 - Authenticated Data Loss via Missing Capability Check
CVSS 3.8
CVE-2023-2547 MEDIUM
Feather Login Page 1.0.7-1.1.1 - Authenticated Unauthorized Data Deletion via deleteUser Function
CVSS 5.4
CVE-2023-2545 HIGH
Feather Login Page 1.0.7-1.1.1 - Authenticated Missing Authorization in getListOfUsers Function
CVSS 8.1