CWE-862: Missing Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Total CVEs: 2,994
Critical: 212
High: 816
Avg CVSS: 6.2
In CISA KEV: 2

Yearly Trend

2026: 436
2025: 1,552
2024: 754
2023: 138
2022: 51

Top Affected Vendors

1 Google 107
2 Sap 31
3 Apple 27
4 Jenkins 22
5 Gitlab 16
6 Xwiki 12
7 Themeum 12
8 Wpdeveloper 11
9 Q Free 11
10 Oracle 9

All Missing Authorization CVEs (2,994)

CVE-2020-25282
9.8

This vulnerability allows attackers to bypass access restrictions on property values in LG's Universal Integrated Circuit Card (lguicc) software on An...

Sep 11, 2020
CVE-2026-0509
9.6

This vulnerability allows authenticated low-privileged users in SAP NetWeaver ABAP systems to execute unauthorized background Remote Function Calls, b...

Feb 10, 2026
CVE-2025-62712
9.6

An authenticated non-privileged user in JumpServer can retrieve connection tokens belonging to all users via the super-connection API endpoint, allowi...

Oct 30, 2025
CVE-2025-52950
9.6

An unauthenticated attacker can access sensitive data and tamper with resources on Juniper Security Director due to missing authorization checks on mu...

Jul 11, 2025
CVE-2025-42989
9.6

CVE-2025-42989 is a privilege escalation vulnerability in SAP systems where authenticated users can bypass authorization checks during RFC inbound pro...

Jun 10, 2025
CVE-2025-68018
9.4

A missing authorization vulnerability in the Order Listener for WooCommerce plugin allows attackers to bypass access controls and perform unauthorized...

Jan 22, 2026
CVE-2026-24042
9.4

This vulnerability allows unauthenticated attackers to execute unpublished edit-mode actions in publicly accessible Appsmith applications. Attackers c...

Jan 22, 2026
CVE-2025-53825
9.4

CVE-2025-53825 is an unauthenticated remote code execution vulnerability in Dokploy's preview deployment feature. Any user can trigger arbitrary code ...

Jul 14, 2025
CVE-2026-25939
9.1

An authorization bypass vulnerability in FUXA web-based SCADA/HMI software allows unauthenticated remote attackers to create and modify arbitrary sche...

Feb 9, 2026
CVE-2026-25810
9.1

PlaciPy placement management system version 1.0.0 has an authorization vulnerability where authenticated users can access other users' student submiss...

Feb 9, 2026
CVE-2026-25876
9.1

PlaciPy placement management system version 1.0.0 has a missing object-level authorization vulnerability that allows authenticated users to access ass...

Feb 9, 2026
CVE-2025-62754
9.1

This CVE describes a Missing Authorization vulnerability in the Payment Gateway bKash for WC WordPress plugin that allows attackers to bypass access c...

Jan 22, 2026
CVE-2025-14741
9.1

The Frontend Admin by DynamiApps WordPress plugin has an authorization bypass vulnerability that allows unauthenticated attackers to delete any conten...

Jan 9, 2026
CVE-2025-68535
9.1

This CVE describes a missing authorization vulnerability in the Sunshine Photo Cart WordPress plugin that allows attackers to bypass access controls. ...

Dec 24, 2025
CVE-2025-68508
9.1

This CVE describes a missing authorization vulnerability in the Brave Popup Builder WordPress plugin that allows attackers to bypass access controls. ...

Dec 24, 2025
CVE-2025-68511
9.1

This CVE describes a missing authorization vulnerability in the Gutenverse Form WordPress plugin that allows attackers to bypass access controls. It a...

Dec 24, 2025
CVE-2025-66131
9.1

This CVE describes a Missing Authorization vulnerability in the Yaad Sarig Payment Gateway for WooCommerce WordPress plugin. It allows attackers to ex...

Dec 16, 2025
CVE-2025-65669
9.1

CVE-2025-65669 is an authorization bypass vulnerability in classroomio 0.1.13 that allows student accounts to delete courses from the Explore page wit...

Nov 26, 2025
CVE-2025-53214
9.1

This CVE describes a Missing Authorization vulnerability in the Sertifier Certificate & Badge Maker WordPress plugin that allows attackers to bypass a...

Nov 6, 2025
CVE-2025-62919
9.1

This CVE describes a Missing Authorization vulnerability in the themeshopy TS Demo Importer WordPress plugin (ts-demo-importer) that allows attackers ...

Oct 27, 2025
CVE-2025-62892
9.1

This CVE describes a Missing Authorization vulnerability in the Sunshine Photo Cart WordPress plugin that allows attackers to access functionality not...

Oct 27, 2025
CVE-2020-36852
9.1

This vulnerability in the WordPress Custom Searchable Data Entry System plugin allows unauthenticated attackers to completely wipe critical database t...

Oct 1, 2025
CVE-2025-43773
9.1

This vulnerability in Liferay Portal and DXP allows improper access through the expandoTableLocalService, potentially enabling unauthorized data acces...

Aug 29, 2025
CVE-2025-50171
9.1

This vulnerability allows unauthorized attackers to perform spoofing attacks against Remote Desktop Server by exploiting missing authorization checks....

Aug 12, 2025
CVE-2025-6205
9.1 (KEV, EPSS 49.5%)

A missing authorization vulnerability in DELMIA Apriso allows attackers to bypass authentication and gain privileged access to the application. This a...

Aug 4, 2025
CVE-2025-53495
9.1

This CVE describes a Missing Authorization vulnerability in MediaWiki's AbuseFilter extension that allows unauthorized users to bypass access controls...

Jul 7, 2025
CVE-2025-53499
9.1

This CVE describes a missing authorization vulnerability in Wikimedia's MediaWiki AbuseFilter extension that allows unauthorized users to bypass acces...

Jul 7, 2025
CVE-2025-30448
9.1

This vulnerability allows an attacker to enable iCloud folder sharing without proper authentication. It affects multiple Apple operating systems inclu...

May 12, 2025
CVE-2025-31685
9.1

This CVE describes a Missing Authorization vulnerability in Drupal Open Social that allows Forceful Browsing (direct access to restricted pages withou...

Mar 31, 2025
CVE-2025-27583
9.1

This vulnerability allows unauthenticated attackers to create and modify user accounts, including Administrator accounts, in Serosoft Academia SIS Eag...

Mar 3, 2025
CVE-2024-54542
9.1

This CVE describes an authentication bypass vulnerability in Apple's Private Browsing feature across multiple platforms. Attackers could access Privat...

Jan 27, 2025
CVE-2024-54369
9.1

This vulnerability allows attackers to install and activate arbitrary WordPress plugins without proper authorization. It affects all WordPress sites u...

Dec 16, 2024
CVE-2022-46838
9.1

This vulnerability allows unauthenticated attackers to change plugin settings in JS Help Desk WordPress plugin due to missing authorization checks. An...

Dec 13, 2024
CVE-2024-55879
9.1

This vulnerability allows any XWiki user with script rights to execute arbitrary remote code by adding XWiki.ConfigurableClass instances to pages. Thi...

Dec 12, 2024
CVE-2024-53810
9.1

This CVE describes a broken access control vulnerability in the Simple User Registration WordPress plugin that allows unauthorized users to delete use...

Dec 6, 2024
CVE-2024-7475
9.1

This vulnerability allows unauthorized attackers to modify SAML configuration settings in lunary-ai/lunary version 1.3.2. This can lead to authenticat...

Oct 29, 2024
CVE-2024-7856
9.1

This vulnerability in the MP3 Audio Player WordPress plugin allows authenticated attackers with subscriber-level access or higher to delete arbitrary ...

Aug 29, 2024
CVE-2024-45168
9.1

CVE-2024-45168 is a critical authentication bypass vulnerability in UCI IDOL 2 software where data is transmitted over raw sockets without authenticat...

Aug 22, 2024
CVE-2023-39312
9.1

This CVE describes a missing authorization vulnerability in the Avada WordPress theme that allows authenticated users with author-level permissions to...

Jun 19, 2024
CVE-2024-33565
9.1

This CVE describes an unauthenticated broken access control vulnerability in the UkrSolution Barcode Scanner with Inventory & Order Manager WordPress ...

Jun 9, 2024
CVE-2024-32948
9.1

This CVE describes a Missing Authorization vulnerability in the ARMember WordPress plugin that allows unauthorized users to access privileged function...

Apr 24, 2024
CVE-2023-36621
9.1

This vulnerability in the Boomerang Parental Control Android app allows children to bypass parental restrictions by entering Android's Safe Mode, wher...

Nov 3, 2023
CVE-2023-44208
9.1

This vulnerability in Acronis Cyber Protect Home Office for Windows allows unauthorized users to access and manipulate sensitive information due to mi...

Oct 4, 2023
CVE-2023-41296
9.1

CVE-2023-41296 is a missing authorization vulnerability in a Huawei kernel module that allows unauthorized access to kernel functions. Successful...

Sep 25, 2023
CVE-2021-4374
9.1

This vulnerability in the WordPress Automatic Plugin allows unauthenticated attackers to modify any WordPress site setting without authorization. It a...

Jun 7, 2023
CVE-2023-26957
9.1

Onekeyadmin v1.3.9 contains an arbitrary file deletion vulnerability in the plugins controller component. This allows authenticated attackers to delet...

Mar 9, 2023
CVE-2020-4926
9.1

This vulnerability in IBM Spectrum Scale 5.1 and Elastic Storage System 6.1 allows unauthorized access to user data or injection of arbitrary data thr...

May 24, 2022
CVE-2022-0871
9.1

CVE-2022-0871 is a missing authorization vulnerability in Gogs (a self-hosted Git service) that allows attackers to bypass authentication and access u...

Mar 11, 2022
CVE-2022-23944
9.1

Apache ShenYu versions 2.4.0 and 2.4.1 have an authentication bypass vulnerability in the /plugin API endpoint. This allows unauthenticated attackers ...

Jan 25, 2022
CVE-2021-39231
9.1

Apache Ozone versions before 1.2.0 expose internal RPC endpoints that allow attackers to download raw data from Datanode and Ozone Manager components,...

Nov 19, 2021

About Missing Authorization (CWE-862)

Our database tracks 2,994 CVEs classified as CWE-862, with 212 rated critical and 816 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.2.

External reference: CWE-862 on MITRE CWE
