VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 22 of 278
  • CVE-2024-14032 | High | Apr 6, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Twitch Studio version 0.114.8 and prior contain a privilege escalation vulnerability in its privileged helper tool that allows local attackers to execute arbitrary code as root by exploiting an unprotected XPC service. Attackers can invoke the installFromPath:toPath:withReply:…

  • CVE-2026-20626 | High | Feb 11, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    This issue was addressed with improved checks. This issue is fixed in iOS 26.3 and iPadOS 26.3, macOS Sequoia 15.7.4, macOS Tahoe 26.3, visionOS 26.3. A malicious app may be able to gain root privileges.

  • CVE-2025-43341 | High | Sep 15, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.

  • CVE-2025-43316 | High | Sep 15, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Tahoe 26, visionOS 26. A malicious app may be able to gain root privileges.

  • CVE-2025-43286 | High | Sep 15, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to break out of its sandbox.

  • CVE-2025-49459 | High | Sep 9, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    Missing authorization in the installer for Zoom Workplace for Windows on ARM before version 6.5.0 may allow an authenticated user to conduct an escalation of privilege via local access.

  • CVE-2025-41698 | High | Aug 5, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    A low privileged local attacker can interact with the affected service although user-interaction should not be allowed.

  • CVE-2025-43000 | High | May 13, 2025
    risk 0.51 | cvss 7.9 | epss 0.00

    Under certain conditions Promotion Management Wizard (PMW) allows an attacker to access information which would otherwise be restricted. This has High impact on Confidentiality with Low impact on Integrity and Availability of the application.

  • CVE-2024-8272 | High | Nov 25, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    The com.uaudio.bsd.helper service, responsible for handling privileged operations, fails to implement critical client validation during XPC inter-process communication (IPC). Specifically, the service does not verify the code requirements, entitlements, or security flags of any…

  • CVE-2024-40709 | High | Sep 7, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    A missing authorization vulnerability allows a local low-privileged user on the machine to escalate their privileges to root level.

  • CVE-2024-0394 | High | Apr 3, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    Rapid7 Minerva Armor versions below 4.5.5 suffer from a privilege escalation vulnerability whereby an authenticated attacker can elevate privileges and execute arbitrary code with SYSTEM privilege. The vulnerability is caused by the product's implementation of…

  • CVE-2023-5311 | High | Oct 25, 2023
    risk 0.51 | cvss 8.8 | epss 0.01

    The WP EXtra plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the register() function in versions up to, and including, 6.2. This makes it possible for authenticated attackers, with subscriber-level permissions and…

  • CVE-2022-4950 | High | Jun 7, 2023
    risk 0.51 | cvss 8.8 | epss 0.01

    Several WordPress plugins developed by Cool Plugins are vulnerable to arbitrary plugin installation and activation that can lead to remote code execution by authenticated attackers with minimal permissions, such as a subscriber.

  • CVE-2018-5547 | High | Aug 17, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    Windows Logon Integration feature of F5 BIG-IP APM client prior to version 7.1.7.1 for Windows by default uses Legacy logon mode which uses a SYSTEM account to establish network access. This feature displays a certificate user interface dialog box which contains the link to the…

  • CVE-2017-13247 | High | Feb 12, 2018
    risk 0.51 | cvss 7.8 | epss 0.00

    In the Pixel 2 bootloader, there is a missing permission check which bypasses carrier bootloader lock. This could lead to local elevation of privileges with user execution privileges needed. User interaction is not needed for exploitation. Product: Android. Versions: Android…

  • CVE-2017-17450 | High | Dec 7, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    net/netfilter/xt_osf.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for add_callback and remove_callback operations, which allows local users to bypass intended access restrictions because the xt_osf_fingers data structure is shared across all…

  • CVE-2017-17448 | High | Dec 7, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    net/netfilter/nfnetlink_cthelper.c in the Linux kernel through 4.14.4 does not require the CAP_NET_ADMIN capability for new, get, and del operations, which allows local users to bypass intended access restrictions because the nfnl_cthelper_list data structure is shared across…

  • CVE-2017-11042 | High | Dec 5, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    In Android for MSM, Firefox OS for MSM, QRD Android, with all Android releases from CAF using the Linux kernel, ImsService and the IQtiImsExt AIDL APIs are not subject to access control.

  • CVE-2017-6251 | High | Jul 28, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    NVIDIA Windows GPU Display Driver contains a vulnerability in the kernel mode layer handler where a missing permissions check may allow users to gain access to arbitrary physical system memory, which may lead to an escalation of privileges.

  • CVE-2017-4985 | High | Jun 19, 2017
    risk 0.51 | cvss 7.8 | epss 0.00

    In EMC VNX2 versions prior to OE for File 8.1.9.211 and VNX1 versions prior to OE for File 7.1.80.8, a local authenticated user may potentially escalate their privileges to root due to authorization checks not being performed on certain perl scripts. This may potentially be…