The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,421 vulnerabilities with CWE-862
CVE-2020-5228
HIGH
Opencast < 7.6 - Unauthenticated Unauthorized Access via OAI-PMH
CVSS 7.6
CVE-2020-2094
MEDIUM
Jenkins Health Advisor by CloudBees < 3.0 - Missing Authorization for Email Sending
CVSS 4.3
CVE-2020-2091
HIGH
Jenkins Amazon EC2 Plugin < 1.47 - Server-Side Request Forgery via AWS Credentials
CVSS 8.1
CVE-2020-6306
LOW
SAP Leasing <6.18 - Privilege Escalation
CVSS 2.7
CVE-2020-6168
HIGH
WordPress Minimal Coming Soon & Maintenance Mode <2.10 - Privilege ...
CVSS 7.6
CVE-2019-25351
HIGH
Centova Cast 3.2.11 - Path Traversal
CVSS 8.8
CVE-2019-25217
CRITICAL
SiteGround Optimizer <5.0.12 - Auth Bypass/RCE
CVSS 9.8
CVE-2019-25215
HIGH
ARI-Adminer <= 1.1.14 - Unauthenticated Authorization Bypass via Direct File Access
CVSS 7.3
CVE-2019-25214
HIGH
ShopWP <= 2.0.4 - Unauthenticated Authorization Bypass via REST API Routes
CVSS 7.2
CVE-2019-25143
MEDIUM
GDPR Cookie Compliance <4.0.2 - Auth Bypass
CVSS 5.4
CVE-2019-25142
HIGH
WordPress Mesmerize & Materialis <1.6.89-1.0.172 - Authenticated Op...
CVSS 8.8
CVE-2019-25141
CRITICAL
Easy WP SMTP < 1.3.9 - Unauthenticated Authorization Bypass via admin_init()
CVSS 9.8
CVE-2019-25139
MEDIUM
Coming Soon Page & Maintenance Mode <1.8.1 - Info Disclosure
CVSS 6.5
CVE-2019-11785
MEDIUM
Odoo < 13.0 - Authenticated Improper Access Control in Mail Module Followers
CVSS 4.3
CVE-2019-11784
MEDIUM
Odoo < 14.0 - Authenticated Improper Access Control in Mail Module Notifications
CVSS 6.5
CVE-2019-11783
MEDIUM
Odoo < 14.0 - Authenticated Improper Access Control in Mail Module
CVSS 6.5
CVE-2019-19885
CRITICAL
Bender COMTRAXX < 4.2.0 - Missing Authorization
CVSS 9.1
CVE-2019-20887
MEDIUM
Mattermost Server < 4.10.6 - Missing Authorization for Intra-Team Post Access
CVSS 4.3
CVE-2019-20885
HIGH
Mattermost Server < 5.8.0 - Missing Authorization for robots.txt Generation
CVSS 7.5
CVE-2019-20801
MEDIUM
Readdle Documents < 6.9.7 - Unauthenticated Data Access via Cross-Origin WebSocket
CVSS 5.3
CVE-2019-15877
MEDIUM
FreeBSD <12.1-RELEASE-p3 - Privilege Escalation
CVSS 5.5
CVE-2019-15876
MEDIUM
FreeBSD <12.1-RELEASE-p3, <11.3-RELEASE-p7 - Privilege Escalation
CVSS 5.5
CVE-2019-14116
HIGH
Qualcomm IPQ6018 Firmware - Privilege Escalation via Altered Debug Policy Image
CVSS 7.8
CVE-2019-20676
MEDIUM
NETGEAR Multiple Switches - Missing Function-Level Access Control
CVSS 6.0
CVE-2019-20614
HIGH
Samsung Android N(7.x)-P(9.0) - Missing Authorization in Allshare
CVSS 7.5
Details
Vulnerabilities
8,421
Exploit Likelihood
High