CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
All Missing Authorization CVEs (3,009)
CVE-2020-27052 is an Android vulnerability that allows any app to bypass permissions and start in Lock Task Mode, which restricts users to a single ap...
Dec 15, 2020
This vulnerability allows local attackers to perform a factory reset on Bluetooth settings without proper permission checks. It affects Android 11 dev...
Dec 15, 2020
This vulnerability allows local attackers to create trusted virtual displays without proper permission checks in Android's DisplayManagerService. It e...
Dec 14, 2020
CVE-2020-23740 is a local privilege escalation vulnerability in DriverGenius driver update software. Attackers can exploit this vulnerability to eleva...
Dec 3, 2020
SAP Solution Tools Plug-In (ST-PI) contains an authorization bypass vulnerability where authenticated users can access sensitive information without p...
Feb 10, 2026
This CVE describes a missing authorization vulnerability in Gmission Web Fax that allows attackers to abuse authentication mechanisms and falsify sess...
Dec 29, 2025
This CVE describes a Missing Authorization vulnerability in HappyFiles Pro WordPress plugin that allows attackers to bypass access controls. It affect...
Dec 21, 2025
This vulnerability in SAP Business Warehouse and SAP Plug-In Basis allows authenticated attackers to add fields to arbitrary database tables/structure...
Jul 8, 2025
This directory traversal vulnerability in SAP Solution Manager allows authorized attackers to read files from any connected managed system using RFC-e...
Apr 8, 2025
CVE-2024-49657 is a missing authorization vulnerability in the ReneeCussack 3D Work In Progress WordPress plugin that allows attackers to delete arbit...
Oct 23, 2024
CVE-2024-39592 is an authorization bypass vulnerability in SAP PDCE (Product Data Cloud Edition) that allows authenticated users to escalate privilege...
Jul 9, 2024
This CVE describes a Missing Authorization vulnerability in the ARForms WordPress plugin that allows subscribers (low-privileged users) to delete arbi...
Jun 9, 2024
CVE-2024-1438 is a missing authorization vulnerability in the PressFore Rolo Slider WordPress plugin that allows attackers to perform unauthorized act...
May 8, 2024
CVE-2023-51500 is a missing authorization vulnerability in the Uncode Core WordPress plugin that allows attackers to delete arbitrary files on affecte...
Apr 17, 2024
This CVE describes an improper permission control vulnerability in the window management module of Huawei/HarmonyOS devices. It allows attackers to by...
Apr 7, 2024
This vulnerability allows remote authenticated users to access sensitive information through the GetStmUrlPath webapi component in Synology Surveillan...
Mar 28, 2024
CVE-2023-43700 is a missing authorization vulnerability in SICK APU's RDT400 component that allows unauthenticated remote attackers to modify data via...
Oct 9, 2023
This CVE describes a missing authorization vulnerability in the Jenkins ServiceNow DevOps plugin versions before 1.38.1. Attackers could exploit this ...
Jul 26, 2023
This vulnerability in GLPI allows authenticated users to create tickets on behalf of other users via the self-service interface, even when delegatee s...
Mar 8, 2021
This CVE describes a missing authorization vulnerability in the AIO WP Builder WordPress plugin that allows attackers to bypass access controls. It af...
Feb 20, 2026
This CVE describes a Missing Authorization vulnerability in the Broadstreet Ads WordPress plugin that allows attackers to bypass access controls. Atta...
Jan 22, 2026
This CVE describes a Missing Authorization vulnerability in the Hospital Doctor Directory WordPress plugin that allows attackers to bypass access cont...
Jan 22, 2026
This CVE describes a missing authorization vulnerability in the WordPress Institutions Directory plugin that allows attackers to bypass access control...
Jan 22, 2026
This CVE describes a Missing Authorization vulnerability in the Hotel Listing WordPress plugin that allows attackers to exploit incorrectly configured...
Jan 22, 2026
This CVE describes a missing authorization vulnerability in the Lawyer Directory WordPress plugin that allows attackers to bypass access controls. Att...
Jan 22, 2026
The WP JobHunt plugin for WordPress (used by JobCareer theme) has a missing capability check that allows authenticated attackers with Candidate-level ...
Dec 20, 2025
This CVE describes a Missing Authorization vulnerability in the ThemeAtelier IDonatePro WordPress plugin that allows attackers to bypass access contro...
Dec 18, 2025
In Flag Forge CTF platform version 2.1.0, non-admin users can create arbitrary challenges, allowing them to introduce malicious, incorrect, or mislead...
Sep 23, 2025
This CVE describes a missing authorization vulnerability in the Page Manager for Elementor WordPress plugin that allows attackers to bypass access con...
Aug 28, 2025
This vulnerability allows attackers to spoof emails through an administrative API in JetBrains YouTrack. Attackers could send emails appearing to come...
Jul 15, 2025
This vulnerability allows automatic login to the EPC2 Windows user account without password authentication during device startup. It affects industria...
Jul 3, 2025
A missing authorization vulnerability in the Team Builder WordPress plugin allows attackers to bypass access controls and perform unauthorized actions...
Jun 9, 2025
This CVE describes a Missing Authorization vulnerability in the YayCommerce YayExtra WordPress plugin that allows attackers to bypass access controls....
Apr 1, 2025
A Broken Object Level Authorization vulnerability in Mealie v2.2.0 allows authenticated users to modify their own profile to escalate privileges or ch...
Mar 27, 2025
This CVE describes a Missing Authorization vulnerability in the revmakx DefendWP Firewall WordPress plugin that allows attackers to exploit incorrectl...
Feb 27, 2025
CVE-2023-35037 is a missing authorization vulnerability in the Surfer WordPress plugin that allows attackers to bypass access controls and potentially...
Dec 13, 2024
This CVE describes a Missing Authorization vulnerability in the Ninja Forms WordPress plugin that allows subscribers to perform unauthorized actions. ...
Jun 19, 2024
This CVE describes a Missing Authorization vulnerability in the Betheme WordPress theme that allows contributors to perform actions they shouldn't hav...
Jun 19, 2024
This CVE describes a Missing Authorization vulnerability in the POSIMYTH Nexter WordPress theme. It allows attackers to bypass access controls and per...
Jun 19, 2024
This CVE describes a Missing Authorization vulnerability in the ARForms Form Builder WordPress plugin. It allows attackers to bypass access controls a...
May 8, 2024
This CVE describes a Missing Authorization vulnerability in the ShortPixel Critical CSS WordPress plugin. It allows attackers to perform actions witho...
May 3, 2024
The WPGSI: Spreadsheet Integration plugin for WordPress has critical REST API endpoints that lack proper authentication and authorization checks. Unau...
Feb 25, 2026
This CVE describes a missing authorization vulnerability in the Jthemes Exzo WordPress theme that allows attackers to bypass access controls. It affec...
Feb 20, 2026
This CVE describes a missing authorization vulnerability in the ModelTheme Framework WordPress plugin that allows attackers to bypass access controls....
Feb 20, 2026
This CVE describes a missing authorization vulnerability in the GhostPool Gauge WordPress theme that allows attackers to bypass access controls. The v...
Feb 20, 2026
This CVE describes a Missing Authorization vulnerability in the NextMove Lite WordPress plugin that allows attackers to bypass access controls. The vu...
Feb 20, 2026
This CVE describes a Missing Authorization vulnerability in the YayCommerce YayCurrency WordPress plugin that allows attackers to delete arbitrary con...
Feb 20, 2026
The GDPR Cookie Consent WordPress plugin has an unauthenticated REST API vulnerability that allows attackers to retrieve sensitive plugin settings wit...
Feb 19, 2026
This vulnerability allows unauthenticated attackers to spoof BlueSnap IP addresses and send forged payment notifications to WordPress sites using the ...
Feb 14, 2026
CVE-2026-0490 is an authentication bypass vulnerability in SAP BusinessObjects BI Platform that allows unauthenticated attackers to send crafted netwo...
Feb 10, 2026
About Missing Authorization (CWE-862)
Our database tracks 3,009 CVEs classified as CWE-862, with 217 rated critical and 826 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.2.
External reference: CWE-862 on MITRE CWE