VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 84 of 278
  • CVE-2026-10815MedJun 4, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in…

  • CVE-2026-27331MedMay 26, 2026
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5.

  • CVE-2026-42776MedMay 25, 2026
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7.

  • CVE-2026-40133MedMay 12, 2026
    risk 0.41cvss 6.3epss 0.00

    Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this…

  • CVE-2026-25460MedMar 25, 2026
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1.

  • CVE-2026-27091MedMar 19, 2026
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09.

  • CVE-2026-3977MedMar 12, 2026
    risk 0.41cvss 6.3epss 0.00

    A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is…

  • CVE-2026-28071MedMar 5, 2026
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in PixFort pixfort Core pixfort-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects pixfort Core: from n/a through <= 3.2.22.

  • CVE-2026-2819MedFeb 20, 2026
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be…

  • CVE-2026-2065MedFeb 6, 2026
    risk 0.41cvss 6.3epss 0.01

    A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from…

  • CVE-2025-15406MedJan 1, 2026
    risk 0.41cvss 6.3epss 0.00

    A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.

  • CVE-2025-15390MedDec 31, 2025
    risk 0.41cvss 6.3epss 0.00

    A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and…

  • CVE-2025-64192MedDec 18, 2025
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6.

  • CVE-2025-0836MedDec 16, 2025
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.

  • CVE-2025-53236MedOct 22, 2025
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in AndonDesign UDesign Core u-design-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UDesign Core: from n/a through <= 4.14.0.

  • CVE-2025-49377MedOct 22, 2025
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through <= 1.1.9.

  • CVE-2025-11438MedOct 8, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed…

  • CVE-2025-8807MedAug 10, 2025
    risk 0.41cvss 6.3epss 0.00

    A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The…

  • CVE-2025-47565MedJul 4, 2025
    risk 0.41cvss 6.3epss 0.00

    Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventON: from n/a through <= 4.9.9.

  • CVE-2025-43009MedMay 13, 2025
    risk 0.41cvss 6.3epss 0.00

    SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.