CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,402 vulnerabilities with CWE-862
CVE-2023-27462 LOW
RUGGEDCOM CROSSBOW < 5.3 - Authenticated Missing Authorization in Client Query Handler
CVSS 3.1
CVE-2023-27310 MEDIUM
RUGGEDCOM CROSSBOW <V5.2 - Privilege Escalation
CVSS 6.6
CVE-2023-27309 MEDIUM
RUGGEDCOM CROSSBOW <V5.2 - Privilege Escalation
CVSS 5.0
CVE-2023-1339 MEDIUM
Autoptimize <1.7.1 - Privilege Escalation
CVSS 4.3
CVE-2023-1338 MEDIUM
Autoptimize <1.7.1 - Privilege Escalation
CVSS 4.3
CVE-2023-1337 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Authenticated Data Loss via Missing Capability Check
CVSS 4.3
CVE-2023-1336 MEDIUM
Autoptimize <1.7.1 - Privilege Escalation
CVSS 4.3
CVE-2023-1335 MEDIUM
Autoptimize <1.7.1 - Privilege Escalation
CVSS 4.3
CVE-2023-1334 MEDIUM
Autoptimize <1.7.1 - Unauthorized Cache Modification
CVSS 4.3
CVE-2023-1333 MEDIUM
RapidLoad Power-Up for Autoptimize <= 1.7.1 - Authenticated Cache Deletion via Missing Capability Check
CVSS 4.3
CVE-2023-20064 MEDIUM
Cisco IOS XR < 7.9.1 - Unauthenticated Sensitive File Exposure via GRUB Bootloader Commands
CVSS 4.6
CVE-2023-26957 CRITICAL
onekeyadmin <1.3.9 - Path Traversal
CVSS 9.1
CVE-2023-25573 HIGH
metersphere < 1.20.19 - Unauthenticated Arbitrary File Download via /api/jmeter/download/files
CVSS 8.6
CVE-2023-22858 MEDIUM
BlogEngine.NET 3.3.8.0 - Info Disclosure
CVSS 5.3
CVE-2023-26510 MEDIUM
Ghost 5.35.0 - Missing Authorization for Draft Post Access
CVSS 5.7
CVE-2023-1114 CRITICAL
Eskom e-Belediye 1.0.0.95-1.0.0.100 - Missing Authorization
CVSS 9.8
CVE-2023-1027 MEDIUM
WP Meta SEO < 4.5.3 - Authenticated Missing Authorization via Sitemap Generation
CVSS 4.3
CVE-2023-1026 MEDIUM
WP Meta SEO <4.5.3 - Info Disclosure
CVSS 4.3
CVE-2023-1024 MEDIUM
WP Meta SEO < 4.5.3 - Authenticated Unauthorized Sitemap Generation via regenerateSitemaps Function
CVSS 4.3
CVE-2023-1023 MEDIUM
WP Meta SEO <= 4.5.3 - Authenticated Plugin Settings Update via Missing Capability Check
CVSS 5.4
CVE-2023-1022 MEDIUM
WP Meta SEO <4.5.3 - Privilege Escalation
CVSS 5.4
CVE-2023-27264 HIGH
Mattermost < 7.1.4 - Missing Authorization in Playbooks API
CVSS 7.1
CVE-2023-27263 MEDIUM
Mattermost < 7.1.4 - Missing Authorization in Playbooks API
CVSS 4.3
CVE-2023-26035 HIGH
ZoneMinder < 1.36.33 - Unauthenticated Remote Code Execution via Snapshot Action
CVSS 7.2
CVE-2023-23850 MEDIUM
Synopsys Jenkins Coverity Plugin <3.0.2 - Info Disclosure
CVSS 4.3
Details
Vulnerabilities 8,402
Exploit Likelihood High