CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,402 vulnerabilities with CWE-862
CVE-2022-39100 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-39099 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-39098 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-39097 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-39096 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-39095 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-39094 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-39093 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-39092 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-39091 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-39090 HIGH
Power Management Service - Privilege Escalation
CVSS 7.8
CVE-2022-44009 HIGH
StackStorm <3.7.0 - Info Disclosure
CVSS 7.5
CVE-2022-41807 MEDIUM
Kyocera Document Solutions MFPs - Auth Bypass
CVSS 6.5
CVE-2022-32966 MEDIUM
Realtek RTL8111FP-CG Firmware < 5.0.23 - Unauthenticated Denial of Service via DASH Service Port
CVSS 6.5
CVE-2022-24190 HIGH
Ourphoto App 1.4.1 - Privilege Escalation
CVSS 7.5
CVE-2022-4169 MEDIUM
Polylang < 3.2.17 - Unauthenticated Authorization Bypass
CVSS 6.5
CVE-2022-41930 HIGH
XWiki 12.4-13.10.6 - Unauthenticated Missing Authorization in User Profile UI
CVSS 7.5
CVE-2022-41929 MEDIUM
XWiki 11.7-13.10.6, 14.0.0-14.4.1 - Missing Authorization in User#setDisabledStatus
CVSS 4.9
CVE-2022-43685 HIGH
CKAN < 2.8.12 and 2.9.0-2.9.6 - Unauthenticated Account Takeover via HTTP POST Request
CVSS 8.8
CVE-2022-41937 CRITICAL
XWiki < 13.10.8 - Unauthenticated Arbitrary Page Modification via XAR Package Import
CVSS 9.6
CVE-2022-41326 CRITICAL
Mitel MiCollab < 9.6.0.105 - Unauthenticated Arbitrary File Upload and Remote Code Execution
CVSS 9.8
CVE-2022-43482 MEDIUM
WordPress Appointment Booking Calendar <1.3.69 - Info Disclosure
CVSS 4.3
CVE-2022-41692 MEDIUM
WordPress Appointment Hour Booking <1.3.71 - Info Disclosure
CVSS 4.3
CVE-2022-42903 LOW
ManageEngine SupportCenter Plus <= 11024 - Missing Authorization for Organization Users List
CVSS 3.3
CVE-2022-3920 MEDIUM
HashiCorp Consul 1.13.0-1.13.3 - Unauthenticated Information Disclosure via UI Endpoints
CVSS 5.3
Details
Vulnerabilities 8,402
Exploit Likelihood High