VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

  • CVE-2025-28965 | High | Jul 16, 2025
    risk 0.56 | cvss 8.6 | epss 0.00

    Missing Authorization vulnerability in Md Yeasin Ul Haider URL Shortener exact-links allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects URL Shortener: from n/a through <= 3.0.7.

  • CVE-2025-4430 | High | May 14, 2025
    risk 0.56 | cvss (none listed) | epss 0.00

    Unauthorized access to "/api/Token/gettoken" endpoint in EZD RP allows file manipulation. This issue affects EZD RP in versions before 20.19 (published on 22nd August 2024).

  • CVE-2025-26961 | High | Mar 15, 2025
    risk 0.56 | cvss 8.6 | epss 0.00

    Missing Authorization vulnerability in FRESHFACE Fresh Framework fresh-framework allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Fresh Framework: from n/a through <= 1.70.0.

  • CVE-2024-34378 | High | May 6, 2024
    risk 0.56 | cvss 8.6 | epss 0.00

    Missing Authorization vulnerability in LeadConnector. This issue affects LeadConnector: from n/a through 1.7.

  • CVE-2024-25911 | High | Apr 16, 2024
    risk 0.56 | cvss 8.6 | epss 0.01

    Missing Authorization vulnerability in Skymoon Labs MoveTo. This issue affects MoveTo: from n/a through 6.2.

  • CVE-2024-0324 | High | Feb 5, 2024
    risk 0.56 | cvss 8.2 | epss 0.02

    The User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'wppb_two_factor_authentication_settings_update' function in all…

  • CVE-2023-6600 | High | Jan 3, 2024
    risk 0.56 | cvss 8.6 | epss 0.00

    The OMGF | GDPR/DSGVO Compliant, Faster Google Fonts. Easy. plugin for WordPress is vulnerable to unauthorized modification of data and Stored Cross-Site Scripting due to a missing capability check on the update_settings() function hooked via admin_init in all versions up to,…

  • CVE-2022-46850 | High | Jun 19, 2023
    risk 0.56 | cvss 8.6 | epss 0.01

    Auth. (author+) Broken Access Control vulnerability leading to Arbitrary File Deletion in Nabil Lemsieh Easy Media Replace plugin <= 0.1.3 versions.

  • CVE-2020-36712 | High | Jun 7, 2023
    risk 0.56 | cvss 8.6 | epss 0.01

    The Kali Forms plugin for WordPress is vulnerable to Unauthenticated Arbitrary Post Deletion in versions up to, and including, 2.1.1. This is due to the kaliforms_form_delete_uploaded_file function lacking any privilege or user protections. This makes it possible for…

  • CVE-2021-44793 | High | Jan 27, 2022
    risk 0.56 | cvss 8.6 | epss 0.01

    Single Connect does not perform an authorization check when using the "sc-reports-ui" module. A remote attacker could exploit this vulnerability to access the device configuration page and export the data to an external file. The exploitation of this vulnerability might allow a…

  • CVE-2017-7914 | High | Jun 14, 2017
    risk 0.56 | cvss 8.6 | epss 0.07

    A Missing Authorization issue was discovered in Rockwell Automation PanelView Plus 6 700-1500 6.00.04, 6.00.05, 6.00.42, 6.00-20140306, 6.10.20121012, 6.10-20140122, 7.00-20121012, 7.00-20130108, 7.00-20130325, 7.00-20130619, 7.00-20140128, 7.00-20140310, 7.00-20140429,…

  • CVE-2026-45549 | High | Jun 10, 2026
    risk 0.55 | cvss 8.5 | epss 0.00

    Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, agent_action (app/routes/smon/agent_routes.py:166-179) has decorators @bp.post('/agent/action/') and @jwt_required() only — no role check, no group…

  • CVE-2026-44482 | Critical | May 14, 2026
    risk 0.55 | cvss 9.6 | epss 0.00

    soundcloud-rpc is a SoundCloud Client with Discord Rich Presence, Dark Mode, Last.fm and AdBlock support. Prior to 0.1.8, a track title containing an HTML payload executed locally in the Electron app. This means attacker-controlled SoundCloud track metadata can lead to local…

  • CVE-2025-13348 | High | Feb 2, 2026
    risk 0.55 | cvss (none listed) | epss 0.00

    An improper access control vulnerability exists in ASUS Secure Delete Driver of ASUS Business Manager. This vulnerability can be triggered by a local user sending a specially crafted request, potentially leading to the creation of arbitrary files in a specified path. Refer to…

  • CVE-2024-36326 | High | Sep 6, 2025
    risk 0.55 | cvss 8.4 | epss 0.00

    Missing authorization in AMD RomArmor could allow an attacker to bypass ROMArmor protections during system resume from a standby state, potentially resulting in a loss of confidentiality and integrity.

  • CVE-2025-49406 | High | Aug 20, 2025
    risk 0.55 | cvss 8.5 | epss 0.00

    Missing Authorization vulnerability in favethemes Houzez allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Houzez: from n/a through 4.1.1.

  • CVE-2025-4046 | High | Aug 19, 2025
    risk 0.55 | cvss 8.5 | epss 0.00

    A missing authorization vulnerability in Lexmark Cloud Services badge management allows an attacker to reassign badges within their organization.

  • CVE-2025-42983 | High | Jun 10, 2025
    risk 0.55 | cvss 8.5 | epss 0.00

    SAP Business Warehouse and SAP Plug-In Basis allows an authenticated attacker to drop arbitrary SAP database tables, potentially resulting in a loss of data or rendering the system unusable. On successful exploitation, an attacker can completely delete database entries but is…

  • CVE-2025-2298 | High | Apr 21, 2025
    risk 0.55 | cvss (none listed) | epss 0.00

    An improper authorization vulnerability in Dremio Software allows authenticated users to delete arbitrary files that the system has access to, including system files and files stored in remote locations such as S3, Azure Blob Storage, and local filesystems. This vulnerability…

  • CVE-2024-6406 | High | Sep 18, 2024
    risk 0.55 | cvss (none listed) | epss 0.00

    Missing Authentication for Critical Function, Missing Authorization vulnerability in Yordam Information Technology Mobile Library Application allows Retrieve Embedded Sensitive Data. This issue affects Mobile Library Application: before 5.0.