CWE-862: Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Total CVEs: 3,036
Critical: 226
High: 844
Avg CVSS: 6.3
In CISA KEV: 2

Yearly Trend

2026: 437
2025: 1,552
2024: 754
2023: 138
2022: 51

Top Affected Vendors

1 Google 118
2 SAP 34
3 Apple 27
4 Jenkins 22
5 GitLab 16
6 XWiki 12
7 Themeum 12
8 Wpdeveloper 11
9 Q Free 11
10 Apache 10

All Missing Authorization CVEs (3,036)

CVE-2024-7858
6.3

The Media Library Folders WordPress plugin has missing capability checks on AJAX functions, allowing authenticated users with subscriber-level access ...

Aug 30, 2024
CVE-2024-43045
6.3

This vulnerability in Jenkins allows attackers with Overall/Read permission to access other users' 'My Views' without proper authorization. It affects...

Aug 7, 2024
CVE-2023-48761
6.3

This CVE describes a Missing Authorization vulnerability in the Crocoblock JetElements For Elementor WordPress plugin. It allows attackers to perform ...

Jun 19, 2024
CVE-2024-4450
6.3

The AliExpress Dropshipping with AliNext Lite WordPress plugin has a missing capability check vulnerability that allows authenticated attackers with s...

Jun 19, 2024
CVE-2024-38506
6.3

This vulnerability allows users without proper permissions to enable the auto-attach option for workflows in JetBrains YouTrack. This could lead to un...

Jun 18, 2024
CVE-2023-36694
6.3

This CVE describes a missing authorization vulnerability in the Kingkong Board WordPress plugin that allows unauthorized users to perform actions inte...

Jun 14, 2024
CVE-2024-31307
6.3

This CVE describes a Missing Authorization vulnerability in the Easy Social Share Buttons WordPress plugin. It allows attackers to perform unauthorize...

Jun 9, 2024
CVE-2024-31281
6.3

This CVE describes a Missing Authorization vulnerability in the Church Admin WordPress plugin that allows attackers to exploit incorrectly configured ...

May 17, 2024
CVE-2023-31234
6.3

This CVE describes a Missing Authorization vulnerability in the Tilda Publishing WordPress plugin that allows unauthorized users to perform actions re...

May 7, 2024
CVE-2022-0611
6.3

CVE-2022-0611 is a missing authorization vulnerability in Snipe-IT asset management software that allows authenticated users to access unauthorized fu...

Feb 16, 2022
CVE-2025-43318
6.2

This CVE describes a macOS vulnerability where an app with root privileges could bypass entitlement checks to access private information. It affects m...

Sep 15, 2025
CVE-2024-55996
6.1

This CVE describes a Missing Authorization vulnerability in the Dreamfox Media Payment gateway per Product for WooCommerce plugin. It allows attackers...

Dec 16, 2024
CVE-2024-41918
6.1

The Rakuten Ichiba mobile apps for Android and iOS contain an improper authorization vulnerability in their custom URL scheme handlers. This allows ot...

Aug 29, 2024
CVE-2025-11380
5.9

The Everest Backup WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to retrieve backup file locations...

Oct 11, 2025
CVE-2025-22385
5.9

Optimizely Configured Commerce versions before 5.2.2408 allow mass account creation without email confirmation for new accounts. This affects all B2B ...

Jan 4, 2025
CVE-2026-0829
5.8

The Frontend File Manager WordPress plugin through version 23.5 allows unauthenticated attackers to send emails through the website without authentica...

Feb 17, 2026
CVE-2025-2246
5.8

This vulnerability allows unauthenticated attackers to access sensitive CI/CD variables through GitLab's GraphQL API. It affects all GitLab CE/EE inst...

Aug 27, 2025
CVE-2025-43008
5.8

CVE-2025-43008 is an authorization bypass vulnerability in SAP systems that allows unauthorized users to view files belonging to other companies. This...

May 13, 2025
CVE-2025-24607
5.8

This CVE describes a Missing Authorization vulnerability in the IdeaPush WordPress plugin that allows attackers to exploit incorrectly configured acce...

Feb 14, 2025
CVE-2025-22720
5.8

This CVE describes a missing authorization vulnerability in the MagePeople Team Booking and Rental Manager WordPress plugin that allows attackers to b...

Jan 31, 2025
CVE-2025-13813
5.6

This vulnerability in Mogu Blog v2 allows unauthorized access to the storage management endpoint due to missing authorization controls. Attackers can ...

Dec 1, 2025
CVE-2025-42891
5.5

CVE-2025-42891 is a missing authorization vulnerability in SAP Enterprise Search for ABAP that allows authenticated attackers with high privileges to ...

Dec 9, 2025
CVE-2025-48608
5.5

This vulnerability allows any app on an Android device to read media files from other user profiles without proper permission checks, leading to unaut...

Dec 8, 2025
CVE-2025-48600
5.5

This CVE describes a missing permission check vulnerability in Android's IntentResolver component that allows local information disclosure across user...

Dec 8, 2025
CVE-2025-48604
5.5

This CVE describes a local privilege escalation vulnerability in Android's MMS service that allows unauthorized file access across user boundaries. An...

Dec 8, 2025
CVE-2025-48591
5.5

This CVE-2025-48591 vulnerability allows local attackers to read files from other users on Android devices without requiring any permissions or user i...

Dec 8, 2025
CVE-2025-5317
5.5

This vulnerability allows local users with administrative privileges on macOS systems to bypass Bitdefender's uninstall password protection. Attackers...

Nov 11, 2025
CVE-2025-59567
5.5

A missing authorization vulnerability in the Elliot Sowersby / RelyWP Coupon Affiliates WordPress plugin allows attackers to bypass access controls an...

Sep 22, 2025
CVE-2024-0028
5.5

This vulnerability in Android's Audio Service allows local attackers to obtain MAC addresses of nearby Bluetooth devices without proper permission che...

Sep 5, 2025
CVE-2025-48524
5.5

This vulnerability allows local attackers to bypass permission checks in Android's WiFi system service, potentially causing denial of service without ...

Sep 4, 2025
CVE-2025-26445
5.5

This vulnerability allows local attackers to access sensitive network connectivity data without proper permissions. It affects Android devices running...

Sep 4, 2025
CVE-2025-26437
5.5

This vulnerability in Android's CredentialManagerService allows local attackers to retrieve candidate credentials without proper permission checks. It...

Sep 4, 2025
CVE-2025-43976
5.5

This vulnerability in the TextNow application for Android allows any installed app without permissions to initiate phone calls without user interactio...

Jul 21, 2025
CVE-2025-24108
5.5

This macOS vulnerability allows applications to bypass sandbox restrictions and access protected user data. It affects macOS systems before Sequoia 15...

Jan 27, 2025
CVE-2025-24096
5.5

This CVE describes a macOS vulnerability where a malicious application can bypass file access restrictions and read arbitrary files on the system. It ...

Jan 27, 2025
CVE-2023-21029
5.5

This vulnerability in Android 13 allows local apps to access app usage data without proper permission checks, potentially exposing which apps are bein...

Mar 24, 2023
CVE-2021-0642
5.5

This Android vulnerability allows local apps to retrieve a trackable identifier from the voicemail settings component without proper permissions. It a...

Aug 17, 2021
CVE-2020-0989
5.5

This CVE describes an information disclosure vulnerability in Windows Mobile Device Management (MDM) Diagnostics that allows authenticated attackers t...

Sep 11, 2020
CVE-2025-13734
5.4

This vulnerability in IBM Engineering Requirements Management DOORS Next allows authenticated users to view and edit data beyond their assigned permis...

Mar 3, 2026
CVE-2026-25391
5.4

This CVE describes a missing authorization vulnerability in the WP Wand AI Content Generation WordPress plugin that allows attackers to exploit incorr...

Feb 19, 2026
CVE-2026-25388
5.4

This CVE describes a Missing Authorization vulnerability in the Ads Pro WordPress plugin (ap-plugin-scripteo) that allows attackers to bypass access c...

Feb 19, 2026
CVE-2026-23804
5.4

This CVE describes a Missing Authorization vulnerability in the Better Business Reviews WordPress plugin that allows attackers to exploit incorrectly ...

Feb 19, 2026
CVE-2026-2284
5.4

This vulnerability in the News Element Elementor Blog Magazine WordPress plugin allows authenticated attackers with Subscriber-level access or higher ...

Feb 19, 2026
CVE-2026-25609
5.4

This MongoDB vulnerability allows authenticated users to bypass intended read-only restrictions on the 'filter' parameter in profile commands, potenti...

Feb 10, 2026
CVE-2025-14895
5.4

The PopupKit WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Subscriber-level access or higher to read...

Feb 10, 2026
CVE-2026-1927
5.4

The Greenshift WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to retrieve ...

Feb 5, 2026
CVE-2026-25028
5.4

This CVE describes a missing authorization vulnerability in the ElementInvader Addons for Elementor WordPress plugin that allows attackers to exploit ...

Feb 3, 2026
CVE-2026-25021
5.4

This CVE describes a Missing Authorization vulnerability in the Mizan Demo Importer WordPress plugin that allows attackers to exploit incorrectly conf...

Feb 3, 2026
CVE-2026-24990
5.4

This CVE describes a missing authorization vulnerability in the WP Docs WordPress plugin that allows attackers to bypass access controls. Attackers ca...

Feb 3, 2026
CVE-2026-24581
5.4

This CVE describes a missing authorization vulnerability in the WP Swings Points and Rewards for WooCommerce plugin that allows attackers to exploit i...

Jan 23, 2026

About Missing Authorization (CWE-862)

Our database tracks 3,036 CVEs classified as CWE-862, with 226 rated critical and 844 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.3.

External reference: View CWE-862 on MITRE CWE →
