The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,402 vulnerabilities with CWE-862
CVE-2022-20941
MEDIUM
Cisco Firepower Management Center - Unauthenticated Sensitive Information Disclosure via Resource Enumeration
CVSS 5.3
CVE-2022-45399
MEDIUM
Jenkins Cluster Statistics Plugin < 0.4.6 - Missing Authorization
CVSS 4.3
CVE-2022-45394
MEDIUM
Jenkins Delete log Plugin < 1.0 - Missing Authorization for Build Log Deletion
CVSS 4.3
CVE-2022-45390
MEDIUM
Jenkins loader.io < 1.0.1 - Missing Authorization for Credential ID Enumeration
CVSS 4.3
CVE-2022-45389
MEDIUM
Jenkins XP-Dev Plugin < 1.0 - Unauthenticated Build Trigger via Repository Specification
CVSS 5.3
CVE-2022-45385
HIGH
Jenkins CloudBees Docker Hub/Registry Notification Plugin < 2.6.2.1 - Unauthenticated Build Trigger
CVSS 7.5
CVE-2022-3538
MEDIUM
Webmaster Tools Verification <1.2 - CSRF
CVSS 6.5
CVE-2022-2450
MEDIUM
resmush.it Image Optimizer < 0.4.4 - Authenticated Missing Authorization in AJAX Actions
CVSS 4.3
CVE-2022-38651
CRITICAL
VMware Hyperic Server <5.8.6 - Auth Bypass
CVSS 9.8
CVE-2022-44549
HIGH
HarmonyOS and EMUI - Missing Authorization in LBS Geofencing API
CVSS 7.5
CVE-2022-20451
HIGH
Android - Missing Authorization in CallsManager onCallRedirectionComplete
CVSS 7.8
CVE-2022-20450
HIGH
Android - Local Privilege Escalation via Missing Permission Check in PermissionManagerServiceImpl
CVSS 7.8
CVE-2022-20446
LOW
Android 10-11 - Unauthenticated Microphone Access via AlwaysOnHotwordDetector
CVSS 3.3
CVE-2022-40223
MEDIUM
SearchWP <= 4.2.5 - Missing Authorization via Nonce Token Leakage
CVSS 5.4
CVE-2022-3489
MEDIUM
WP Hide < 0.0.2 - Unauthenticated Missing Authorization in Custom WPAdmin Slug Update
CVSS 5.3
CVE-2022-3451
MEDIUM
Product Stock Manager < 1.0.5 - Missing Authorization in AJAX Actions
CVSS 4.3
CVE-2022-36404
MEDIUM
David Cole Simple SEO <= 1.8.12 - CSRF
CVSS 5.4
CVE-2022-2696
MEDIUM
Restaurant Menu - Food Ordering System - Auth Bypass
CVSS 6.3
CVE-2022-3096
MEDIUM
WP Total Hacks < 4.7.2 - Missing Authorization and Stored Cross-Site Scripting
CVSS 5.4
CVE-2022-3400
MEDIUM
Bricks 1.0-1.5.3 - Authenticated Authorization Bypass via bricks_save_post AJAX Action
CVSS 6.5
CVE-2022-3512
MEDIUM
Cloudflare WARP < 2022.8.857.0, < 2022.8.861.0, < 2022.8.936 - Missing Authorization via add-trusted-ssid Command
CVSS 6.7
CVE-2022-3337
MEDIUM
WARP mobile client - Info Disclosure
CVSS 6.7
CVE-2022-3322
MEDIUM
Cloudflare WARP Mobile Client < 6.14 - Missing Authorization for Lock Warp Switch Bypass
CVSS 6.7
CVE-2022-3321
MEDIUM
Cloudflare WARP Mobile Client < 6.14 - Missing Authorization via Lock WARP Switch Bypass
CVSS 6.7
CVE-2022-3320
MEDIUM
Cloudflare WARP < 2022.8.857.0 - Policy Bypass via Custom Endpoint Disconnect
CVSS 6.7
Details
Vulnerabilities
8,402
Exploit Likelihood
High