The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,403 vulnerabilities with CWE-862
CVE-2022-1511
MEDIUM
snipe-it < 5.4.4 - Missing Authorization
CVSS 6.5
CVE-2022-1092
MEDIUM
myCred < 2.4.4 - Authenticated Missing Authorization in mycred-tools-import-export AJAX Action
CVSS 4.3
CVE-2022-0634
MEDIUM
ThirstyAffiliates Affiliate Link Manager < 3.10.5 - Missing Authorization in ta_insert_external_image Action
CVSS 4.3
CVE-2022-0398
MEDIUM
ThirstyAffiliates Affiliate Link Manager <3.10.5 - CSRF
CVSS 5.4
CVE-2022-0363
MEDIUM
myCred WordPress plugin <2.4.3.1 - CSRF
CVSS 4.3
CVE-2022-0287
MEDIUM
myCred WordPress <2.4.4.1 - Info Disclosure
CVSS 4.3
CVE-2022-25342
HIGH
Olivetti d-COLOR MF3555 Firmware 2XD_S000.002.271 - Missing Authorization in /mngset/authset
CVSS 8.1
CVE-2022-1384
MEDIUM
Mattermost < 6.5.0 - Authenticated Plugin Version Check Bypass
CVSS 4.7
CVE-2022-1329
HIGH
Elementor Website Builder 3.6.0-3.6.2 - Authenticated Remote Code Execution via Onboarding Module AJAX Actions
CVSS 8.8
CVE-2022-1054
MEDIUM
RSVP and Event Management Plugin < 2.7.8 - Unauthenticated Sensitive Data Exposure via Export Function
CVSS 5.3
CVE-2022-1020
CRITICAL
Woo Product Table < 3.1.2 - Unauthenticated Arbitrary Function Call via wpt_admin_update_notice_option AJAX Action
CVSS 9.8
CVE-2022-29051
MEDIUM
Jenkins Publish Over FTP Plugin <1.16 - Privilege Escalation
CVSS 4.3
CVE-2022-27669
HIGH
SAP NetWeaver Application Server for Java 7.50 - Unauthenticated Missing Authorization in XML Data Archiving Service
CVSS 7.5
CVE-2022-27480
HIGH
SICAM A8000 CP-8031 and CP-8050 Firmware < 4.80 - Unauthenticated Arbitrary File Download
CVSS 7.5
CVE-2022-0919
MEDIUM
Salon booking system WordPress plugins < 7.6.3 - Unauthenticated Sensitive Information Exposure
CVSS 5.3
CVE-2022-0837
MEDIUM
Amelia < 1.0.48 - Missing Authorization in SMS Service
CVSS 5.4
CVE-2022-0404
MEDIUM
Material Design for Contact Form 7 <2.6.4 - DoS
CVSS 6.5
CVE-2022-0390
MEDIUM
Gitlab CE/EE <14.5.4-14.7.1 - Info Disclosure
CVSS 4.3
CVE-2022-26546
CRITICAL
Hospital Management System v1.0 - Info Disclosure
CVSS 9.1
CVE-2022-23183
MEDIUM
Advanced Custom Fields < 5.12.1 - Authenticated Missing Authorization
CVSS 6.5
CVE-2022-20002
HIGH
Android <12L - Privilege Escalation
CVSS 7.8
CVE-2022-28158
MEDIUM
Jenkins Pipeline: Phoenix AutoTest Plugin < 1.3 - Missing Authorization for Credential ID Enumeration
CVSS 6.5
CVE-2022-28151
MEDIUM
Jenkins Job and Node Ownership Plugin < 0.13.0 - Missing Authorization
CVSS 4.3
CVE-2022-28147
MEDIUM
Jenkins Continuous Integration with Toad Edge Plugin < 2.3 - Missing Authorization for File Path Existence Check
CVSS 4.3
CVE-2022-28144
MEDIUM
Jenkins Proxmox Plugin < 0.7.0 - Missing Authorization in HTTP Endpoints
CVSS 6.5
Details
Vulnerabilities
8,403
Exploit Likelihood
High