The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,401 vulnerabilities with CWE-862
CVE-2023-1169
MEDIUM
OoohBoi Steroids for Elementor <2.1.4 - Auth Bypass
CVSS 4.3
CVE-2023-0993
MEDIUM
Shield Security < 17.0.17 - Authenticated Missing Authorization via theme-plugin-file AJAX Action
CVSS 4.3
CVE-2023-0291
HIGH
Quiz And Survey Master <8.0.8 - Auth Bypass
CVSS 7.2
CVE-2023-34234
MEDIUM
OpenZeppelin Contracts 4.3.0-4.9.0 - Missing Authorization in Governor Proposal Creation
CVSS 5.3
CVE-2023-3126
MEDIUM
B2BKing < 4.6.00 - Authenticated Unauthorized Data Access via b2bkingdownloadpricelist Function
CVSS 4.3
CVE-2023-3125
MEDIUM
B2BKing < 4.6.00 - Authenticated Arbitrary Product Price Modification via Missing Capability Check
CVSS 6.5
CVE-2023-3124
HIGH
Elementor Pro <3.11.6 - Privilege Escalation
CVSS 8.8
CVE-2023-33477
MEDIUM
Harmonic NSG 9000-6G - Info Disclosure
CVSS 6.5
CVE-2023-2183
MEDIUM
Grafana 8.0.0-8.5.25 - Unauthenticated Test Alert Abuse via API
CVSS 4.1
CVE-2023-30948
MEDIUM
Foundry Comments <2.249.0 - Info Disclosure
CVSS 6.5
CVE-2023-30915
MEDIUM
Android - Missing Authorization in Email Service
CVSS 5.5
CVE-2023-30914
MEDIUM
Android - Missing Authorization Leading to Local Information Disclosure
CVSS 5.5
CVE-2023-30866
MEDIUM
Android - Local Information Disclosure via Telephony Service Missing Permission Check
CVSS 5.5
CVE-2023-30865
MEDIUM
Android - Local Information Disclosure via Dialer Service Missing Permission Check
CVSS 5.5
CVE-2023-30864
HIGH
Android - Missing Authorization in Connectivity Service
CVSS 7.8
CVE-2023-30863
HIGH
Android - Missing Authorization in Connectivity Service
CVSS 7.8
CVE-2023-33970
MEDIUM
Kanboard < 1.2.30 - Authenticated Information Disclosure via Task and Project Title Leak
CVSS 5.4
CVE-2023-33968
MEDIUM
Kanboard <1.2.30 - Privilege Escalation
CVSS 5.4
CVE-2023-2415
MEDIUM
WordPress vcita <= 4.2.10 - Authenticated DoS via vcita_logout_callback
CVSS 5.4
CVE-2023-2299
MEDIUM
vcita WordPress Plugin <=4.4.2 - Unauthenticated Data Modification via /wp-json Endpoint
CVSS 5.3
CVE-2023-3053
MEDIUM
WordPress Page Builder by AZEXO <1.27.133 - Privilege Escalation
CVSS 5.4
CVE-2023-28657
HIGH
CONPROSYS HMI System <3.5.3 - Privilege Escalation
CVSS 8.8
CVE-2023-2434
LOW
Nested Pages <= 3.2.3 - Authenticated Data Loss via Missing Capability Check
CVSS 3.8
CVE-2023-2547
MEDIUM
Feather Login Page 1.0.7-1.1.1 - Authenticated Unauthorized Data Deletion via deleteUser Function
CVSS 5.4
CVE-2023-2545
HIGH
Feather Login Page 1.0.7-1.1.1 - Authenticated Missing Authorization in getListOfUsers Function
CVSS 8.1
Details
Vulnerabilities
8,401
Exploit Likelihood
High