The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,403 vulnerabilities with CWE-862
CVE-2022-40673
HIGH
KDiskMark < 3.1.0 - Unauthenticated Missing Authorization via D-Bus Helper Methods
CVSS 7.8
CVE-2022-39119
HIGH
Android - Missing Authorization Leading to Local Privilege Escalation
CVSS 7.8
CVE-2022-36856
MEDIUM
Android Telecom - Unauthenticated Emergency Call Initiation via Improper Access Control
CVSS 4.0
CVE-2022-36091
HIGH
XWiki Platform <14.2 - Info Disclosure
CVSS 7.5
CVE-2022-31167
HIGH
XWiki Platform <12.10.11, 13.4.6 - Info Disclosure
CVSS 7.1
CVE-2022-2461
MEDIUM
Transposh WordPress Translation <= 1.0.9.6 - Unauthenticated Setting Change via tp_translation AJAX Action
CVSS 5.3
CVE-2022-38367
MEDIUM
Netic User Export <2.0.6 - Info Disclosure
CVSS 5.3
CVE-2022-2657
MEDIUM
Multivendor Marketplace Solution <3.8.12 - CSRF
CVSS 4.3
CVE-2022-2543
MEDIUM
Visual Portfolio, Photo Gallery & Post Grid WP <2.18.0 - CSRF
CVSS 6.1
CVE-2022-2376
MEDIUM
Directorist WP <7.3.1 - Info Disclosure
CVSS 5.3
CVE-2022-38370
HIGH
Apache IoTDB grafana-connector <0.13.1 - Info Disclosure
CVSS 7.5
CVE-2022-36642
CRITICAL
Omnia MPX Node Firmware < 1.5.0 - Unauthenticated Local File Disclosure via /appConfig/userDB.json
CVSS 9.8
CVE-2022-2373
MEDIUM
Simply Schedule Appointments WP <1.5.7.7 - Info Disclosure
CVSS 5.3
CVE-2022-36226
HIGH
SiteServerCMS < 5.0.0 - Remote Code Execution via ajaxOtherService.aspx
CVSS 7.2
CVE-2022-32769
MEDIUM
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Authenticated Authentication Bypass via Playlists Plugin ID Handling
CVSS 5.0
CVE-2022-32768
MEDIUM
WWBN AVideo 11.6 and dev master commit 3f7c0364 - Authentication Bypass via Live Schedules Plugin ID Guessing
CVSS 4.2
CVE-2022-2552
MEDIUM
Duplicator < 1.4.7.1 - Information Disclosure
CVSS 5.3
CVE-2022-2389
MEDIUM
funnelkit_automations < 2.1.2 - Authenticated Missing Authorization via AJAX Action
CVSS 4.3
CVE-2022-2382
MEDIUM
WooCommerce Product Slider <2.5.7 - CSRF
CVSS 4.3
CVE-2022-2377
MEDIUM
Directorist < 7.3.0 - Authenticated Arbitrary Email Sending via AJAX Action
CVSS 4.3
CVE-2022-2276
MEDIUM
WP Edit Menu < 1.5.0 - Unauthenticated Arbitrary Post Deletion via AJAX Action
CVSS 4.3
CVE-2022-25810
MEDIUM
Transposh WordPress Translation < 1.0.8 - Missing Authorization in Utilities Tab
CVSS 6.5
CVE-2022-2841
LOW
CrowdStrike Falcon <6.31.14505.0/6.42.15610/6.44.15806 - Auth Bypass
CVSS 2.7
CVE-2022-36024
HIGH
py-cord <2.0.1 - DoS
CVSS 7.5
CVE-2022-2846
MEDIUM
Calendar Event Multi View WP <1.4.07 - XSS
CVSS 4.3
Details
Vulnerabilities
8,403
Exploit Likelihood
High