VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 38 of 278
  • CVE-2024-0122HigNov 23, 2024
    risk 0.49cvss 7.6epss 0.00

    NVIDIA Delegated Licensing Service for all appliance platforms contains a vulnerability where an attacker may cause an unauthorized action. A successful exploit of this vulnerability may lead to partial denial of service and confidential information disclosure.

  • CVE-2024-52383HigNov 14, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in aitool Ai Auto Tool Content Writing Assistant (Gemini Writer, ChatGPT ) All in One ai-auto-tool allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ai Auto Tool Content Writing Assistant (Gemini…

  • CVE-2024-43212HigNov 1, 2024
    risk 0.49cvss 7.5epss 0.01

    Missing Authorization vulnerability in MagePeople Team WpTravelly allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects WpTravelly: from n/a through 1.7.7.

  • CVE-2024-43158HigNov 1, 2024
    risk 0.49cvss 7.5epss 0.01

    Missing Authorization vulnerability in masteriyo Masteriyo - LMS learning-management-system.This issue affects Masteriyo - LMS: from n/a through <= 1.11.4.

  • CVE-2024-38726HigNov 1, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in PickPlugins Product Designer allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Product Designer: from n/a through 1.0.33.

  • CVE-2024-3305HigSep 12, 2024
    risk 0.49cvss 7.5epss 0.00

    Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Utarit Information SoliClub allows Retrieve Embedded Sensitive Data. This issue affects SoliClub: before 4.4.0 for iOS, before 5.2.1 for Android.

  • CVE-2024-1744HigSep 6, 2024
    risk 0.49cvss 7.5epss 0.00

    Authorization Bypass Through User-Controlled Key, Missing Authorization vulnerability in Ariva Computer Accord ORS allows Retrieve Embedded Sensitive Data. This issue affects Accord ORS: before 7.3.2.1.

  • CVE-2024-38699HigAug 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in WP Swings Wallet System for WooCommerce allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Wallet System for WooCommerce: from n/a through 2.5.13.

  • CVE-2024-37935HigAug 13, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in anhvnit Woocommerce OpenPos allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Woocommerce OpenPos: from n/a through 6.4.4.

  • CVE-2023-45658HigJun 19, 2024
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in POSIMYTH Nexter.This issue affects Nexter: from n/a through 2.0.3.

  • CVE-2023-48280HigJun 12, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1.

  • CVE-2024-24703HigJun 11, 2024
    risk 0.49cvss 8.6epss 0.00

    Missing Authorization vulnerability in MultiVendorX WC Marketplace.This issue affects WC Marketplace: from n/a through 4.0.25.

  • CVE-2024-34800HigJun 10, 2024
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in Crafthemes Crafthemes Demo Import crafthemes-demo-import allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Crafthemes Demo Import: from n/a through <= 3.3.

  • CVE-2024-32715HigJun 9, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in Olive Themes Olive One Click Demo Import.This issue affects Olive One Click Demo Import: from n/a through 1.1.1.

  • CVE-2024-32777HigJun 9, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authorization vulnerability in BizSwoop a CPF Concepts, LLC Brand BizPrint.This issue affects BizPrint: from n/a through 4.3.39.

  • CVE-2024-1662HigJun 5, 2024
    risk 0.49cvss 7.5epss 0.00

    Missing Authentication for Critical Function, Missing Authorization vulnerability in PORTY Smart Tech Technology Joint Stock Company PowerBank Application allows Retrieve Embedded Sensitive Data. This issue affects PowerBank Application: before 2.02.

  • CVE-2023-23988HigMay 17, 2024
    risk 0.49cvss 7.5epss 0.01

    Missing Authorization vulnerability in Joseph C Dolson My Tickets.This issue affects My Tickets: from n/a through 1.9.11.

  • CVE-2024-32724HigMay 14, 2024
    risk 0.49cvss 7.5epss 0.01

    Missing Authorization vulnerability in Woo product importer Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy.This issue affects Sharkdropship dropshipping for Aliexpress, eBay, Amazon, etsy: from n/a through 2.1.1.

  • CVE-2024-31270HigMay 8, 2024
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in Repute InfoSystems ARForms Form Builder.This issue affects ARForms Form Builder: from n/a through 1.6.1.

  • CVE-2024-32810HigMay 3, 2024
    risk 0.49cvss 7.6epss 0.00

    Missing Authorization vulnerability in ShortPixel ShortPixel Critical CSS.This issue affects ShortPixel Critical CSS: from n/a through 1.0.2.