CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
All Missing Authorization CVEs (2,993)
The File Manager WordPress plugin versions up to 3.0 contain an authorization bypass vulnerability that allows unauthenticated attackers to download a...
Oct 16, 2024
This vulnerability in Oracle WebLogic Server allows unauthenticated attackers with network access via T3 or IIOP protocols to fully compromise the ser...
Oct 15, 2024
The Hunk Companion WordPress plugin has an unauthenticated REST API vulnerability that allows attackers to install and activate arbitrary plugins. Thi...
Oct 11, 2024
This vulnerability allows unauthenticated attackers to upload arbitrary files and install/activate arbitrary plugins on WordPress sites using the Gute...
Oct 11, 2024
This vulnerability in the MultiVendorX WordPress plugin allows unauthenticated attackers to perform privilege escalation and account takeover attacks....
Sep 4, 2024
This CVE describes a Missing Authorization vulnerability in SAMPAŞ Holding's AKOS services that allows unauthorized data collection. Attackers can ex...
Sep 3, 2024
This vulnerability allows unauthorized users to obtain logon tokens via a REST endpoint when Single Sign-On is enabled with Enterprise authentication ...
Aug 13, 2024
CVE-2024-6806 is a critical authorization bypass vulnerability in NI VeriStand Gateway that allows unauthorized actors to access project resources. Th...
Jul 22, 2024
The WooCommerce Social Login plugin for WordPress has an authentication bypass vulnerability that allows unauthenticated attackers to register account...
Jul 20, 2024
The MStore API WordPress plugin has an authentication bypass vulnerability that allows unauthenticated attackers to log in as any existing user by exp...
Jul 12, 2024
This vulnerability allows unauthenticated attackers to modify arbitrary WordPress site options and create administrator accounts via the InstaWP Conne...
Jun 12, 2024
CVE-2024-31244 is a Missing Authorization vulnerability in the Bricksforge WordPress plugin that allows unauthenticated attackers to change arbitrary ...
Jun 9, 2024
This CVE describes a missing authorization vulnerability in Unifier and Unifier Cast software that allows attackers to execute arbitrary code with Loc...
May 31, 2024
This vulnerability allows unauthenticated attackers to escalate privileges in the Fluent Forms WordPress plugin by accessing a REST API endpoint witho...
May 18, 2024
The Tutor LMS WordPress plugin has a missing capability check vulnerability that allows unauthenticated attackers to add, modify, or delete data. This...
May 16, 2024
CVE-2024-27939 is a critical vulnerability in Siemens RUGGEDCOM CROSSBOW industrial network management software that allows unauthenticated attackers ...
May 14, 2024
This CVE describes an unauthenticated arbitrary WordPress settings change vulnerability in the MoveTo plugin. Attackers can modify WordPress configura...
Apr 11, 2024
This vulnerability allows unauthenticated attackers to bypass authentication on the POST SMTP Mailer WordPress plugin's REST API endpoint due to a typ...
Jan 11, 2024
The affiliate-toolkit WordPress plugin before version 3.4.3 has an unauthenticated Server-Side Request Forgery (SSRF) vulnerability. Unauthenticated a...
Jan 1, 2024
Redpanda versions before 23.1.21 and 23.2.x before 23.2.18 have missing authorization checks in the Transactions API, allowing unauthorized users to p...
Dec 18, 2023
CVE-2023-48417 is a missing permission check vulnerability in KeyChainActivity applications that allows unauthorized access and manipulation of sensit...
Dec 11, 2023
The Jenkins MATLAB Plugin vulnerability allows attackers to read arbitrary XML files from the Jenkins controller file system due to missing permission...
Nov 29, 2023
This critical vulnerability in Cisco Catalyst SD-WAN Manager allows unauthenticated remote attackers to bypass authentication via SAML API flaws, gain...
Sep 27, 2023
This vulnerability allows unauthenticated attackers to access sensitive information and obtain user tokens on TP-LINK ER5120G routers, enabling them t...
Sep 20, 2023
This vulnerability in Netis 360RAC1200 routers allows unauthenticated attackers to access sensitive device information and user tokens, enabling them ...
Sep 20, 2023
This vulnerability in SNMP Web Pro v1.1 allows remote attackers to execute arbitrary code and access sensitive information through specially crafted r...
Sep 12, 2023
CVE-2023-36140 is a critical authentication vulnerability in PHPJabbers Cleaning Business Software 1.0 where user passwords are stored without encrypt...
Sep 11, 2023
This vulnerability affects certain HP LaserJet Pro printers that lack authentication on specific endpoints, allowing attackers to potentially gain ele...
Jul 21, 2023
The uListing WordPress plugin up to version 1.6.6 has an authorization bypass vulnerability that allows unauthenticated attackers to modify any WordPr...
Jun 7, 2023
The Kiwi Social Share WordPress plugin version 2.1.0 has an authorization bypass vulnerability that allows unauthenticated attackers to read and modif...
Jun 7, 2023
The uListing WordPress plugin up to version 1.6.6 has an authorization bypass vulnerability where unauthenticated users can access administrative acti...
Jun 7, 2023
This vulnerability in the Unauthenticated Account Creation plugin for WordPress allows unauthenticated attackers to create user accounts, including ad...
Jun 7, 2023
The uListing WordPress plugin up to version 1.6.6 has an authentication bypass vulnerability that allows unauthenticated attackers to modify any user ...
Jun 7, 2023
The Easy WP SMTP WordPress plugin up to version 1.3.9 has an authorization bypass vulnerability that allows unauthenticated attackers to modify plugin...
Jun 7, 2023
This vulnerability in eZ Publish Ibexa Kernel allows attackers to bypass object state-based access controls, potentially accessing restricted content....
Mar 12, 2023
CVE-2021-31577 is a missing permission check vulnerability in Boa web server that allows remote attackers to escalate privileges without authenticatio...
Feb 6, 2023
This vulnerability allows a client application with a valid access token to exchange tokens for any target client by specifying the target's client_id...
Jul 8, 2022
CVE-2022-28993 allows attackers to take over user accounts in Multi Store Inventory Management System v1.0 by sending specially crafted POST requests....
May 20, 2022
This vulnerability allows attackers to bypass authorization checks in the QuizGame extension for MediaWiki, granting unauthorized access to admin API ...
Apr 29, 2022
CVE-2021-32172 is a critical pre-authentication remote code execution vulnerability in Maian Cart v3.8's Elfinder plugin due to broken access control....
Oct 7, 2021
CVE-2021-33924 is an incorrect access control vulnerability in Confluent's cp-ansible automation tool that allows remote attackers to access sensitive...
Sep 29, 2021
CVE-2021-37270 is an authentication bypass vulnerability in CMS Enterprise Website Construction System 5.0 that allows unauthenticated attackers to di...
Sep 27, 2021
CVE-2021-37535 is a critical authorization bypass vulnerability in SAP NetWeaver Application Server Java's JMS Connector Service. It allows attackers ...
Sep 14, 2021
This vulnerability allows attackers to enable Telnet service on TOTOLINK A720R routers via a crafted POST request, then gain access using default cred...
Aug 5, 2021
CVE-2021-27903 is a remote code execution vulnerability in Craft CMS that allows attackers to execute arbitrary code on affected systems. This vulnera...
Jun 30, 2021
This vulnerability allows external clients to bypass Istio's authorization checks and access internal Kubernetes services they shouldn't have access t...
Jun 2, 2021
This critical vulnerability allows unauthenticated attackers to remotely compromise Citrix ShareFile Storage Zones Controller systems. It affects all ...
May 27, 2021
This CVE describes a vulnerability in Progress Telerik UI for ASP.NET AJAX that allows unauthorized access to MicrosoftAjax.js through the Telerik.Web...
Mar 11, 2021
CVE-2020-28215 is a missing authorization vulnerability in Schneider Electric's Easergy T300 firmware that allows attackers to bypass access controls....
Dec 11, 2020
CVE-2020-27998 is a critical vulnerability in FastReport versions before 2020.4.0, where the lack of a ScriptSecurity feature allows attackers to exec...
Oct 29, 2020
About Missing Authorization (CWE-862)
Our database tracks 2,993 CVEs classified as CWE-862, with 212 rated critical and 815 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.2.
External reference: View CWE-862 on MITRE CWE →