CWE-862: Missing Authorization
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
All Missing Authorization CVEs (2,998)
The Jenkins Assembla Auth Plugin vulnerability allows users with EDIT permissions to gain Overall/Manage and Overall/SystemRead permissions even when ...
Sep 6, 2023

This vulnerability allows authenticated users in Hazelcast clusters to bypass permission checks for executor services, enabling them to execute tasks ...
Jul 18, 2023

POS Codekop v2.0 contains an authenticated remote code execution vulnerability via the filename parameter. This allows authenticated attackers to uplo...
Jun 23, 2023

This vulnerability allows authenticated attackers with subscriber-level permissions or higher to bypass authorization checks in 16 XforWooCommerce Wor...
Jun 7, 2023

An improper access control vulnerability in CONPROSYS HMI System (CHS) allows local users to escalate privileges to administrative level. This affects...
Jun 1, 2023

CVE-2022-31595 is an authorization bypass vulnerability in SAP Financial Consolidation version 1010 that allows authenticated users to escalate privil...
Jun 14, 2022

The Filr WordPress plugin before version 1.2.2.1 lacks proper authorization checks in two AJAX actions, allowing any authenticated user (even subscrib...
Jun 13, 2022

CVE-2022-29611 is an authorization bypass vulnerability in SAP NetWeaver Application Server for ABAP and ABAP Platform that allows authenticated users...
May 11, 2022

CVE-2021-44595 is a privilege escalation vulnerability in Wondershare Dr. Fone where unprivileged users can send crafted packets to ElevationService.e...
Apr 29, 2022

This vulnerability in KVM's AMD SVM nested virtualization allows a malicious L1 guest to disable security intercepts for L2 guests, potentially enabli...
Mar 4, 2022

The Jenkins SWAMP Plugin vulnerability allows attackers with Overall/Read permission to connect to arbitrary web servers using attacker-specified cred...
Feb 15, 2022

CVE-2022-24450 is an access control vulnerability in NATS nats-server that allows any authenticated user to escalate privileges to the System account ...
Feb 8, 2022

This vulnerability allows authenticated users with read-only privileges in FatPipe WARP, IPVPN, and MPVPN software to create administrative accounts, ...
Dec 15, 2021

This vulnerability allows an attacker to pair Bluetooth devices with an Android device without user consent due to a missing permission check in the S...
Dec 15, 2021

This vulnerability in SAP GRC Access Control allows authenticated users to bypass authorization checks, potentially escalating their privileges within...
Dec 14, 2021

This vulnerability allows authenticated attackers to execute arbitrary code on Chamilo LMS servers by uploading a malicious .htaccess file through the...
Dec 3, 2021

This vulnerability allows authenticated users with valid Ozone S3 credentials to impersonate any other user by creating specific OM requests. It affec...
Nov 19, 2021

A vulnerability in KVM's AMD SVM nested virtualization allows a malicious L1 guest to enable AVIC support for L2 guests, bypassing proper validation. ...
Sep 29, 2021

This vulnerability allows unauthenticated attackers to export all redirect rules from WordPress sites using the Simple 301 Redirects by BetterLinks pl...
Jun 14, 2021

This vulnerability in the Simple 301 Redirects by BetterLinks WordPress plugin allows authenticated users to install arbitrary plugins on vulnerable s...
Jun 14, 2021

This vulnerability in Tutor LMS WordPress plugin allows students to access unprotected AJAX endpoints, enabling them to modify course information and ...
Apr 5, 2021

CVE-2021-21487 is an authorization bypass vulnerability in SAP Payment Engine version 500 that allows authenticated users to escalate privileges witho...
Mar 9, 2021

This vulnerability allows authenticated devices in Eclipse Hono to receive command & control messages intended for other devices without proper author...
Jan 14, 2021

This vulnerability allows authenticated WordPress users with at least author-level permissions to delete arbitrary files on the server through the Eas...
Jun 19, 2023

This CVE describes a Missing Authorization vulnerability in the Tyler Moore Super Blank WordPress plugin that allows unauthorized users to delete arbi...
Dec 18, 2025

This vulnerability in the Document Embedder WordPress plugin allows unauthenticated attackers to perform CRUD operations (create, read, update, delete...
Nov 5, 2025

An unauthenticated attacker can read or modify metadata in Juniper Junos Space Security Director, potentially causing managed SRX Series devices to by...
Oct 9, 2025

This CVE describes a Missing Authorization vulnerability in Md Yeasin Ul Haider's URL Shortener WordPress plugin that allows attackers to access funct...
Jul 16, 2025

This vulnerability allows unauthorized users to access sensitive information via HTTP GET requests and modify critical service configurations via HTTP...
Jun 12, 2025

CVE-2025-26961 is an unauthenticated broken access control vulnerability in the Fresh Framework WordPress plugin that allows attackers to bypass autho...
Mar 15, 2025

The Host PHP Info WordPress plugin allows unauthenticated attackers to access sensitive server configuration information via the phpinfo() function wi...
Jan 7, 2025

This CVE describes a Missing Authorization vulnerability in the Japanized For WooCommerce WordPress plugin that allows attackers to bypass access cont...
Dec 9, 2024

This CVE describes a Missing Authorization vulnerability in the Post SMTP Mailer/Email Log WordPress plugin that allows unauthorized access to API end...
Jun 11, 2024

This CVE describes a Missing Authorization vulnerability in the MultiVendorX WC Marketplace WordPress plugin. It allows unauthorized users to perform ...
Jun 11, 2024

This CVE describes a Missing Authorization vulnerability in the LeadConnector WordPress plugin that allows unauthorized access to API endpoints. Attac...
May 6, 2024

CVE-2024-25911 is a Missing Authorization vulnerability in the WordPress MoveTo plugin that allows unauthenticated attackers to delete arbitrary files...
Apr 16, 2024

This vulnerability in spice-server allows unauthorized restart of KVM virtual machines in Red Hat's VDI product. It affects systems running specific v...
Aug 22, 2023

The Kali Forms WordPress plugin up to version 2.1.1 contains an unauthenticated arbitrary post deletion vulnerability. Attackers can delete any WordPr...
Jun 7, 2023

This vulnerability allows any user to download any file from the MeterSphere testing platform without authentication. It affects all MeterSphere users...
Mar 9, 2023

CVE-2021-44793 is an authorization bypass vulnerability in Single Connect's sc-reports-ui module that allows unauthenticated remote attackers to acces...
Jan 27, 2022

CVE-2021-21307 is an unauthenticated remote code execution vulnerability in Lucee Server's admin interface. Attackers can exploit this to execute arbi...
Feb 11, 2021

CVE-2021-21246 is an authorization bypass vulnerability in OneDev's REST API that allows unauthenticated users to retrieve arbitrary user details incl...
Jan 15, 2021

This vulnerability allows authenticated GitLab users with specific permissions to hijack project runners from other projects, potentially executing un...
Oct 29, 2025

This vulnerability allows attackers to apply compliance frameworks to projects outside their authorized scope due to a missing authorization check in ...
Jun 20, 2025

CVE-2025-42983 is a high-severity vulnerability in SAP Business Warehouse and SAP Plug-In Basis that allows authenticated attackers to delete arbitrar...
Jun 10, 2025

This vulnerability in Azure Virtual Desktop allows authenticated attackers to escalate privileges through missing authorization checks. Attackers coul...
Apr 30, 2025

The W3 Total Cache WordPress plugin up to version 2.8.1 lacks proper capability checks, allowing authenticated users with Subscriber-level access or h...
Jan 14, 2025

This vulnerability in the WPForms WordPress plugin allows authenticated users with Subscriber-level access or higher to refund payments and cancel sub...
Dec 10, 2024

This vulnerability in AMD RomArmor allows attackers to bypass security protections during system resume from standby, potentially accessing sensitive ...
Sep 6, 2025

This vulnerability allows local attackers to bypass factory reset protections in Android's Settings app, potentially enabling unauthorized device rese...
Jan 28, 2025

About Missing Authorization (CWE-862)
Our database tracks 2,998 CVEs classified as CWE-862, with 213 rated critical and 819 rated high severity. The average CVSS score for Missing Authorization vulnerabilities is 6.2.
External reference: View CWE-862 on MITRE CWE →