The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,407 vulnerabilities with CWE-862
CVE-2022-24317
HIGH
Schneider-electric Interactive Graphical Scada System Data Server < 15.0.0.22020 - Missing Authorization
CVSS 7.5
CVE-2022-22535
MEDIUM
SAP ERP HCM Portugal - Info Disclosure
CVSS 6.5
CVE-2022-20043
HIGH
Android - Missing Authorization in Bluetooth
CVSS 7.8
CVE-2022-20041
HIGH
Android - Missing Authorization in Bluetooth
CVSS 7.8
CVE-2022-20024
HIGH
Google Android System Service - Privilege Escalation
CVSS 7.8
CVE-2022-23621
MEDIUM
XWiki < 12.10.9, 13.4.3, >=13.6-rc-1 <13.7-rc-1 - Arbitrary File Read via XWiki#invokeServletAndReturnAsString
CVSS 5.5
CVE-2022-23617
MEDIUM
XWiki Platform < 12.10.6 - Missing Authorization via Page Template Copy
CVSS 6.5
CVE-2022-21660
HIGH
gin-vue-admin < 2.4.6 - Missing Authorization in setUserInfo Function
CVSS 8.1
CVE-2022-24450
HIGH
NATS nats-server <2.7.2 - Privilege Escalation
CVSS 8.8
CVE-2022-0218
HIGH
WP HTML Mail <3.0.9 - Info Disclosure
CVSS 8.3
CVE-2022-0203
MEDIUM
GitHub crater-invoice/crater <6.0.2 - Info Disclosure
CVSS 5.3
CVE-2022-23945
HIGH
Apache ShenYu 2.4.0-2.4.1 - Unauthenticated Missing Authorization via HTTP Registration
CVSS 7.5
CVE-2022-23944
CRITICAL
Apache ShenYu <2.4.1 - Info Disclosure
CVSS 9.1
CVE-2022-21707
MEDIUM
wasmCloud Host Runtime < 0.52.2 - Missing Authorization for Actor Capability Claims
CVSS 6.3
CVE-2022-0236
HIGH
Vjinfotech WP Import Export WordPress Plugin <= 3.9.15 - Sensitive Data Disclosure
CVSS 7.5
CVE-2022-0152
MEDIUM
GitLab <14.4.5-14.6.2 - Info Disclosure
CVSS 6.5
CVE-2022-0125
MEDIUM
GitLab <14.4.5-14.6.2 - Privilege Escalation
CVSS 4.3
CVE-2022-0178
MEDIUM
snipe/snipe-it <5.3.8 - Info Disclosure
CVSS 6.3
CVE-2022-23112
MEDIUM
Jenkins Publish Over SSH Plugin < 1.22 - Missing Authorization for SSH Server Connection
CVSS 6.5
CVE-2022-20620
MEDIUM
Jenkins SSH Agent Plugin <1.23 - Info Disclosure
CVSS 4.3
CVE-2022-20618
MEDIUM
Jenkins Bitbucket Branch Source Plugin < 737.vdf9dc06105be - Missing Authorization for Credential ID Enumeration
CVSS 4.3
CVE-2022-20616
MEDIUM
Jenkins Credentials Binding Plugin <1.27 - Privilege Escalation
CVSS 4.3
CVE-2022-20614
MEDIUM
Jenkins Mailer Plugin <391.ve4a_38c1f - Info Disclosure
CVSS 4.3
CVE-2022-0179
MEDIUM
snipe-it < 5.3.7 - Missing Authorization
CVSS 5.4
CVE-2022-22111
HIGH
DayByDay CRM <2.2.0 - Privilege Escalation
CVSS 8.8
Details
Vulnerabilities
8,407
Exploit Likelihood
High