The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,421 vulnerabilities with CWE-862
CVE-2019-0258
HIGH
SAP Disclosure Management 10.01 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2019-0257
HIGH
SAP Netweaver Application Server Abap < 7.02 - Missing Authorization
CVSS 8.8
CVE-2019-1003006
HIGH
Jenkins Groovy < 2.0 - Authenticated Remote Code Execution via StringScriptSource
CVSS 8.8
CVE-2019-1000017
MEDIUM
Chamilo Chamilo-lms <1.11.8 - Info Disclosure
CVSS 6.5
CVE-2019-5886
CRITICAL
ShopXO 1.2.0 - Unauthenticated Database Reinstallation and Arbitrary Code Execution via Missing Lock File Validation
CVSS 9.8
CVE-2019-0573
HIGH
Windows Data Sharing Service - Privilege Escalation
CVSS 7.8
CVE-2019-0566
HIGH
Microsoft Edge - Privilege Escalation
CVSS 8.8
CVE-2019-0555
HIGH
Microsoft XmlDocument - Privilege Escalation
CVSS 7.8
CVE-2019-0243
HIGH
SAP BW/4HANA - Authenticated Privilege Escalation via Masterdata Maintenance
CVSS 8.8
CVE-2018-25391
HIGH
HaPe PKH 1.1 Missing Authorization Allows Unauthenticated Record Deletion
CVSS 7.5
CVE-2018-9406
MEDIUM
Android - Missing Authorization in NlpService
CVSS 5.5
CVE-2018-9382
HIGH
Android - Missing Authorization in WifiServiceImpl.java
CVSS 7.8
CVE-2018-9477
HIGH
Android - Missing Authorization in Development Options
CVSS 7.8
CVE-2018-9469
HIGH
Android - Missing Authorization in ShortcutService
CVSS 7.8
CVE-2018-25105
CRITICAL
WordPress File Manager <3.0 - Auth Bypass
CVSS 9.8
CVE-2018-14628
MEDIUM
Samba 4.0.0-4.18.8 - Authenticated Information Disclosure in LDAP Server
CVSS 4.3
CVE-2018-25019
HIGH
LearnDash LMS WordPress Plugin < 2.5.4 - Unauthenticated Arbitrary File Upload via learndash_assignment_process_init()
CVSS 7.5
CVE-2018-10866
CRITICAL
redhat-certification 7 - Unauthenticated Arbitrary File Deletion via Configuration View
CVSS 9.1
CVE-2018-10865
HIGH
Red Hat Certification 7 - Unauthenticated Missing Authorization via /configuration View
CVSS 7.5
CVE-2018-21257
MEDIUM
Mattermost Server < 5.1.0 - Missing Authorization via Channel Header Slash Command API
CVSS 5.3
CVE-2018-21251
CRITICAL
Mattermost Server < 5.2 and < 5.1.1 - Missing Authorization via Channel Name Mismatch
CVSS 9.8
CVE-2018-21047
HIGH
Samsung Android O(8.x) - Factory Reset Protection Bypass via Voice Assistant
CVSS 7.5
CVE-2018-21046
LOW
Samsung Android O(8.x) - Unauthenticated Clipboard Data Exposure via Emergency Dialer
CVSS 2.4
CVE-2018-21042
CRITICAL
Samsung Android N(7.x)-P(9.0) - Unauthenticated Privileged Code Execution via Dual Messenger APK Installation
CVSS 9.8
CVE-2018-13063
HIGH
Easy!Appointments 1.3.0 - Missing Authorization
CVSS 7.5
Details
Vulnerabilities
8,421
Exploit Likelihood
High