CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
All Missing Authorization CVEs (2,998)
A missing authorization vulnerability in Q-Free MaxTime allows authenticated low-privileged users to delete user groups via crafted HTTP requests. Thi...
Feb 12, 2025

This vulnerability in the Click Mag WordPress theme allows authenticated attackers with subscriber-level access or higher to delete arbitrary WordPres...
Feb 12, 2025

The ConvertPlus WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to modify c...
Feb 12, 2025

This vulnerability in the ZoxPress WordPress theme allows authenticated users with Subscriber-level access or higher to delete arbitrary WordPress opt...
Feb 12, 2025

The Live2DWebCanvas WordPress plugin has an arbitrary file deletion vulnerability that allows authenticated attackers with Subscriber-level access or ...
Jan 31, 2025

This vulnerability allows attackers to bypass authentication on Tenda AC1200 routers by sending specially crafted web requests. Attackers could gain u...
Jan 16, 2025

The NitroPack WordPress plugin has an authorization bypass vulnerability that allows authenticated users with subscriber-level access or higher to mod...
Jan 15, 2025

This CVE describes a missing authorization vulnerability in the Premmerce User Roles WordPress plugin that allows attackers to exploit incorrectly con...
Dec 13, 2024

This vulnerability allows unauthenticated attackers to gain administrator access on WordPress sites running MainWP Child plugin versions up to 5.2 whe...
Dec 13, 2024

CVE-2023-49856 is a missing authorization vulnerability in RedNao Smart Forms WordPress plugin that allows authenticated users to change arbitrary opt...
Dec 9, 2024

CVE-2024-42453 is a privilege escalation vulnerability in Veeam Backup & Replication that allows low-privileged users to perform unauthorized actions ...
Dec 4, 2024

This vulnerability in Sky Addons for Elementor WordPress plugin allows authenticated attackers with subscriber-level access or higher to modify arbitr...
Nov 22, 2024

This CSRF vulnerability in Sky Addons for Elementor allows unauthenticated attackers to modify WordPress site options via forged requests that trick a...
Nov 22, 2024

This vulnerability in Oracle Process Manufacturing Product Development allows authenticated attackers with low privileges to perform unauthorized data...
Oct 15, 2024

This vulnerability in Oracle Product Hub allows authenticated attackers with low privileges to manipulate critical data or access sensitive informatio...
Oct 15, 2024

This vulnerability in the KB Support WordPress plugin allows authenticated attackers with Subscriber-level access or higher to perform unauthorized ad...
Oct 1, 2024

This CVE describes a missing authorization vulnerability in the WooCommerce Warranty Requests WordPress plugin. It allows attackers to bypass access c...
Jun 19, 2024

This CVE describes a Missing Authorization vulnerability in the WordPress plugin 'New Order Notification for Woocommerce' by Mr.Ebabi. It allows unaut...
Jun 9, 2024

The Moneytizer WordPress plugin has a missing capability check vulnerability that allows authenticated users with subscriber-level access or higher to...
Jun 6, 2024

This vulnerability in the WooCommerce Add to Cart Custom Redirect plugin allows authenticated attackers with contributor-level access or higher to mod...
Mar 13, 2024

This vulnerability allows authenticated users in Rundeck to bypass authorization checks and access two specific URLs, enabling them to view or delete ...
Nov 16, 2023

This vulnerability allows authenticated users with read-only permissions on Lenovo ThinkSystem servers to change other users' passwords through a craf...
Oct 25, 2023

This vulnerability in XWiki Platform allows attackers with edit access to any document (including default-editable user profiles) to move any attachme...
Oct 25, 2023

CVE-2023-39438 is an authorization bypass vulnerability in CLA-assistant that allows any authenticated user to read, update, or delete CLA (Contributo...
Aug 15, 2023

The WP Quick FrontEnd Editor plugin for WordPress has a missing capability check vulnerability that allows low-privileged authenticated users (like su...
Jun 7, 2023

This vulnerability in StruxureWare Data Center Expert allows attackers to bypass authorization controls and perform unauthorized actions like viewing,...
Apr 18, 2023

This vulnerability allows attackers to unlock MEGAFEIS and BOFEI DBD+ smart locks without authorization by sending arbitrary API requests to the mobil...
Mar 21, 2023

The ARMember WordPress plugin before version 3.4.8 contains an authentication bypass vulnerability that allows unauthenticated attackers to reset pass...
Jun 27, 2022

This vulnerability allows attackers to delete arbitrary files on XOS-Shop systems by manipulating the current_manufacturer_image parameter in the manu...
Jun 16, 2022

This CVE describes a broken access control vulnerability in Olivetti d-COLOR MF3555 multifunction printers. Attackers can bypass authentication and ac...
Apr 20, 2022

This vulnerability allows authenticated Rundeck users to modify or delete system or project calendars without proper authorization. This could cause s...
Feb 28, 2022

CVE-2022-21660 is an authentication bypass vulnerability in gin-vue-admin where low-privilege users can modify higher-privilege user accounts due to m...
Feb 9, 2022

CVE-2021-40501 is an authorization bypass vulnerability in SAP ABAP Platform Kernel that allows authenticated business users to escalate privileges an...
Nov 10, 2021

Projectsend r1295 has an authorization bypass vulnerability that allows users with uploader role to download and edit all files in the application. Th...
Oct 11, 2021

This vulnerability allows unauthenticated attackers to delete all data from affected Compro IP camera devices by accessing a specific CGI script. It a...
Sep 1, 2021

This vulnerability in the LearnPress WordPress plugin allows remote attackers to escalate any user's privileges to 'LP Instructor' role via the 'accep...
Jul 30, 2021

This vulnerability allows view-only users in Proofpoint Insider Threat Management Server to bypass authorization checks and perform administrative act...
Apr 6, 2021

OpenIAM versions before 4.2.0.3 have an authorization bypass vulnerability in the administrative REST API endpoints. Attackers can perform administrat...
Apr 6, 2021

This CVE describes a sandbox escape vulnerability in Cursor code editor versions prior to 2.5. A malicious AI agent could write to improperly protecte...
Feb 13, 2026

This vulnerability allows low-privileged applications to modify critical system properties to enable ADB over network, potentially granting attackers ...
Oct 25, 2023

This vulnerability allows a malicious application to gain root privileges on affected Apple devices. It affects macOS, iOS, iPadOS, and visionOS syste...
Feb 11, 2026

This vulnerability allows local attackers to bypass device configuration restrictions in Android's WiFi settings due to missing permission checks. It ...
Dec 8, 2025

This vulnerability allows local attackers to install arbitrary certificates on Android devices without proper permissions, enabling local privilege es...
Dec 8, 2025

A permissions vulnerability in visionOS allows malicious applications to escalate privileges and gain root access. This affects visionOS devices runni...
Sep 15, 2025

A sandbox escape vulnerability in macOS allows malicious applications to bypass security restrictions and access system resources or other application...
Sep 15, 2025

This vulnerability allows authenticated users on Windows ARM systems to escalate privileges through Zoom Workplace's installer due to missing authoriz...
Sep 9, 2025

This vulnerability allows attackers to bypass Factory Reset Protection (FRP) on Android Wear devices without requiring user interaction or additional ...
Sep 4, 2025

This vulnerability allows untrusted Android apps to inject keyboard and touch events into the default Input Method Editor (IME) without proper permiss...
Sep 4, 2025

A local privilege escalation vulnerability allows low-privileged users to interact with a service that should be restricted. This affects systems runn...
Aug 5, 2025

A Missing Authorization vulnerability in Juniper Networks Junos OS Evolved allows local low-privileged users to gain root privileges by sending packet...
Jul 11, 2025

About Missing Authorization (CWE-862)
Our database tracks 2,998 CVEs classified as CWE-862, with 213 rated critical and 819 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.2.