The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,401 vulnerabilities with CWE-862
CVE-2023-24605
MEDIUM
OX App Suite <7.10.6-rev37 - Info Disclosure
CVSS 4.2
CVE-2023-2945
MEDIUM
OpenEMR < 7.0.1 - Missing Authorization
CVSS 5.4
CVE-2023-32316
HIGH
CloudExplorer Lite < 1.1.0 - Missing Authorization in User Profile
CVSS 7.1
CVE-2023-32311
HIGH
fit2cloud cloudexplorer < 1.1.0 - Missing Authorization for Organization Membership
CVSS 7.1
CVE-2023-2480
HIGH
M-Files < 23.5.12598.0 - Privilege Escalation via UI Extension Applications
CVSS 7.5
CVE-2023-33983
HIGH
Briar < 1.5.3 - Missing Authorization for Introduction Client Public Key Verification
CVSS 7.4
CVE-2023-33948
MEDIUM
Liferay Portal/DXP 7.4.3.67 - Info Disclosure
CVSS 5.3
CVE-2023-2494
MEDIUM
Go Pricing WordPress Plugin <= 3.3.19 - Authenticated Missing Authorization
CVSS 4.6
CVE-2023-27304
MEDIUM
Cybozu Garoon 4.6.0-5.9.2 - Authenticated Operation Restriction Bypass in Message and Bulletin
CVSS 4.3
CVE-2023-31826
HIGH
Skyscreamer Open Source Nevado JMS <1.3.2 - Command Injection
CVSS 7.8
CVE-2023-33252
HIGH
snarkjs < 0.6.11 - Missing Authorization via Public Signals Length Validation
CVSS 7.5
CVE-2023-2716
MEDIUM
Groundhogg <= 2.7.9.8 - Authenticated Unauthorized Data Access and Modification via ajax_upload_file
CVSS 5.4
CVE-2023-2715
MEDIUM
Groundhogg <= 2.7.9.8 - Authenticated Unauthorized Data Modification via submit_ticket Function
CVSS 4.3
CVE-2023-2714
MEDIUM
Groundhogg <= 2.7.9.8 - Authenticated License Key Modification via Missing Capability Check
CVSS 4.3
CVE-2023-28623
MEDIUM
Zulip < 6.2 - Unauthenticated Account Creation via LDAP Authentication Bypass
CVSS 6.5
CVE-2023-32677
LOW
Zulip < 6.2 - Missing Authorization for Stream Assignment in User Invitation
CVSS 3.1
CVE-2023-2757
HIGH
Waiting: One-click countdowns <= 0.6.2 - Authenticated Cross-Site Scripting via saveLang Function
CVSS 7.4
CVE-2023-20726
LOW
Yocto - Unauthenticated GPS Location Disclosure via Missing Authorization
CVSS 3.3
CVE-2023-2590
LOW
answer < 1.0.9 - Missing Authorization
CVSS 3.5
CVE-2023-32112
LOW
SAP S4CORE and Vendor Master Hierarchy - Authenticated Missing Authorization
CVSS 2.8
CVE-2023-22813
LOW
Western Digital My Cloud OS 5 and My Cloud Home - Unauthenticated Information Disclosure via Device API Endpoint
CVSS 3.3
CVE-2023-27963
HIGH
iPadOS < 15.7.4 - Missing Authorization for Sensitive Data Access via Shortcut Actions
CVSS 7.5
CVE-2023-31047
CRITICAL
Django <3.2.19, <4.1.9, <4.2.1 - Auth Bypass
CVSS 9.8
CVE-2023-0805
MEDIUM
GitLab 15.2-15.9.5, 15.10-15.10.4, 15.11 - Missing Authorization for Banned Group Members
CVSS 4.9
CVE-2023-22728
MEDIUM
Silverstripe Framework < 4.12.15 - Missing Authorization in GridField Print View
CVSS 4.3
Details
Vulnerabilities: 8,401
Exploit Likelihood: High