CWE-862
Missing Authorization
Description
The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-665
CVEs mapped to this weakness (5,549)
page 84 of 278| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2026-10815 | Med | 0.41 | 6.3 | 0.00 | Jun 4, 2026 | A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in… | ||
| CVE-2026-27331 | Med | 0.41 | 6.3 | 0.00 | May 26, 2026 | Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5. | ||
| CVE-2026-42776 | Med | 0.41 | 6.3 | 0.00 | May 25, 2026 | Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7. | ||
| CVE-2026-40133 | Med | 0.41 | 6.3 | 0.00 | May 12, 2026 | Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this… | ||
| CVE-2026-25460 | Med | 0.41 | 6.3 | 0.00 | Mar 25, 2026 | Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1. | ||
| CVE-2026-27091 | Med | 0.41 | 6.3 | 0.00 | Mar 19, 2026 | Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09. | ||
| CVE-2026-3977 | Med | 0.41 | 6.3 | 0.00 | Mar 12, 2026 | A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is… | ||
| CVE-2026-28071 | Med | 0.41 | 6.3 | 0.00 | Mar 5, 2026 | Missing Authorization vulnerability in PixFort pixfort Core pixfort-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects pixfort Core: from n/a through <= 3.2.22. | ||
| CVE-2026-2819 | Med | 0.41 | 6.3 | 0.00 | Feb 20, 2026 | A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be… | ||
| CVE-2026-2065 | Med | 0.41 | 6.3 | 0.01 | Feb 6, 2026 | A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from… | ||
| CVE-2025-15406 | Med | 0.41 | 6.3 | 0.00 | Jan 1, 2026 | A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used. | ||
| CVE-2025-15390 | Med | 0.41 | 6.3 | 0.00 | Dec 31, 2025 | A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and… | ||
| CVE-2025-64192 | Med | 0.41 | 6.3 | 0.00 | Dec 18, 2025 | Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6. | ||
| CVE-2025-0836 | Med | 0.41 | 6.3 | 0.00 | Dec 16, 2025 | Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API. | ||
| CVE-2025-53236 | Med | 0.41 | 6.3 | 0.00 | Oct 22, 2025 | Missing Authorization vulnerability in AndonDesign UDesign Core u-design-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UDesign Core: from n/a through <= 4.14.0. | ||
| CVE-2025-49377 | Med | 0.41 | 6.3 | 0.00 | Oct 22, 2025 | Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through <= 1.1.9. | ||
| CVE-2025-11438 | Med | 0.41 | 6.3 | 0.00 | Oct 8, 2025 | A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed… | ||
| CVE-2025-8807 | Med | 0.41 | 6.3 | 0.00 | Aug 10, 2025 | A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The… | ||
| CVE-2025-47565 | Med | 0.41 | 6.3 | 0.00 | Jul 4, 2025 | Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventON: from n/a through <= 4.9.9. | ||
| CVE-2025-43009 | Med | 0.41 | 6.3 | 0.00 | May 13, 2025 | SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application. |
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in LakshayD02 Hostel-Management-System-PHP up to f87e67c283bab6f718faf2fec6ae39a13bd7036b. This issue affects some unknown processing of the file hostel/index.php of the component Admin Dashboard Page. The manipulation of the argument ID results in…
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Magepeople inc. WpTravelly allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WpTravelly: from n/a through 2.1.5.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in WP Sunshine Sunshine Photo Cart allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Sunshine Photo Cart: from n/a through 3.6.7.
- risk 0.41cvss 6.3epss 0.00
Due to missing authorization check in SAP S/4HANA Condition Maintenance, an authenticated attacker could gain unauthorized access to view and modify condition table records, resulting in low impact on the confidentiality and integrity of the data. Additionally, this…
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in LiquidThemes Ave Core ave-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Ave Core: from n/a through <= 2.9.1.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in UiPress UiPress lite uipress-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UiPress lite: from n/a through <= 3.5.09.
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in projectsend up to r1945. The affected element is an unknown function of the component AJAX Endpoints. The manipulation leads to missing authorization. The attack can be initiated remotely. The identifier of the patch is…
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in PixFort pixfort Core pixfort-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects pixfort Core: from n/a through <= 3.2.22.
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in Dromara RuoYi-Vue-Plus up to 5.5.3. This vulnerability affects the function SaServletFilter of the file /workflow/instance/deleteByInstanceIds of the component Workflow Module. The manipulation leads to missing authorization. The attack may be…
- risk 0.41cvss 6.3epss 0.01
A security flaw has been discovered in Flycatcher Toys smART Pixelator 2.0. Affected by this issue is some unknown functionality of the component Bluetooth Low Energy Interface. Performing a manipulation results in missing authentication. The attack can only be performed from…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in PHPGurukul Online Course Registration up to 3.1. This affects an unknown function. This manipulation causes missing authorization. Remote exploitation of the attack is possible. The exploit has been published and may be used.
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in PHPGurukul Small CRM 4.0. This impacts an unknown function of the file /admin/edit-user.php. The manipulation results in missing authorization. It is possible to launch the attack remotely. The exploit has been released to the public and…
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in 8theme XStore xstore allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects XStore: from n/a through < 9.6.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Milestone Systems XProtect VMS allows users with read-only access to Management Server to have full read/write access to MIP Webhooks API.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in AndonDesign UDesign Core u-design-core allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects UDesign Core: from n/a through <= 4.14.0.
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in Themefic Hydra Booking hydra-booking allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Hydra Booking: from n/a through <= 1.1.9.
- risk 0.41cvss 6.3epss 0.00
A vulnerability has been found in JhumanJ OpnForm up to 1.9.3. This vulnerability affects unknown code of the file /custom-domains of the component API Endpoint. Such manipulation leads to missing authorization. The attack may be launched remotely. The exploit has been disclosed…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The…
- risk 0.41cvss 6.3epss 0.00
Missing Authorization vulnerability in ashanjay EventON eventon allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventON: from n/a through <= 4.9.9.
- risk 0.41cvss 6.3epss 0.00
SAP Service Parts Management (SPM) does not perform necessary authorization checks for an authenticated user, allowing an attacker to escalate privileges. This has low impact on Confidentiality, integrity and availability of the application.