VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 92 of 278
  • CVE-2022-34212MedJun 23, 2022
    risk 0.37cvss 5.7epss 0.01

    A missing permission check in Jenkins vRealize Orchestrator Plugin 3.0 and earlier allows attackers with Overall/Read permission to send an HTTP POST request to an attacker-specified URL.

  • CVE-2019-16097MedSep 8, 2019
    risk 0.37cvss 6.5epss 0.23

    core/api/user.go in Harbor 1.7.0 through 1.8.2 allows non-admin users to create admin accounts via the POST /api/users API, when Harbor is setup with DB as authentication backend and allow user to do self-registration. Fixed version: v1.7.6 v1.8.3. v.1.9.0. Workaround without…

  • CVE-2026-53820MedJun 12, 2026
    risk 0.36cvss 6.6epss 0.00

    OpenClaw before 2026.5.12 contains an exec denylist bypass vulnerability in the bundle MCP loopback session-spawn path that allows authenticated callers to bypass intended command restrictions. Attackers can reach the affected bundled MCP session-spawn path to start sessions…

  • CVE-2026-53818MedJun 11, 2026
    risk 0.36cvss 6.6epss 0.00

    OpenClaw before 2026.4.24 contains an authorization bypass vulnerability in the MCP loopback feature that allows non-owner callers to skip owner-only tool policies and before-tool-call hooks. Attackers can invoke owner-only behavior through the affected loopback path to execute…

  • CVE-2026-20696MedMay 11, 2026
    risk 0.36cvss 5.5epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user data.

  • CVE-2026-33776MedApr 9, 2026
    risk 0.36cvss 5.5epss 0.00

    A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS and Junos OS Evolved allows a local user with low privileges to read sensitive information. A local user with low privileges can execute the CLI command 'show mgd' with specific arguments which will…

  • CVE-2025-15070MedDec 29, 2025
    risk 0.36cvss 5.5epss 0.00

    Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse. This issue affects Web Fax: from 3.0 before 3.0.1

  • CVE-2025-42891MedDec 9, 2025
    risk 0.36cvss 5.5epss 0.00

    Due to a missing authorization check in SAP Enterprise Search for ABAP, an attacker with high privileges may read and export the contents of database tables into an ABAP report. This could lead to a high impact on data confidentiality and a low impact on data integrity. There is…

  • CVE-2025-48600MedDec 8, 2025
    risk 0.36cvss 5.5epss 0.00

    In multiple files, there is a possible way to reveal information across users due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2025-13813MedDec 1, 2025
    risk 0.36cvss 5.6epss 0.00

    A vulnerability was identified in moxi159753 Mogu Blog v2 up to 5.2. This issue affects some unknown processing of the file /storage/ of the component Storage Management Endpoint. The manipulation leads to missing authorization. The attack can be initiated remotely. The attack's…

  • CVE-2025-62965MedOct 27, 2025
    risk 0.36cvss 5.5epss 0.00

    Missing Authorization vulnerability in wpseek Admin Management Xtended admin-management-xtended allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Admin Management Xtended : from n/a through <= 2.5.1.

  • CVE-2025-59567MedSep 22, 2025
    risk 0.36cvss 5.5epss 0.00

    Missing Authorization vulnerability in Elliot Sowersby / RelyWP Coupon Affiliates woo-coupon-usage allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Coupon Affiliates: from n/a through <= 6.8.0.

  • CVE-2025-1055MedJun 11, 2025
    risk 0.36cvss 5.6epss 0.00

    A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those…

  • CVE-2023-25966MedDec 9, 2024
    risk 0.36cvss 5.5epss 0.01

    Missing Authorization vulnerability in Ninja Team Filebird allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Filebird: from n/a through 5.1.4.

  • CVE-2024-32731MedMay 14, 2024
    risk 0.36cvss 5.5epss 0.00

    SAP My Travel Requests does not perform necessary authorization checks for an authenticated user, resulting in escalation of privileges. On successful exploitation, the attacker can upload a malicious attachment to a business trip request which will lead to a low impact on the…

  • CVE-2024-23230MedMar 8, 2024
    risk 0.36cvss 5.5epss 0.00

    This issue was addressed with improved file handling. This issue is fixed in macOS Monterey 12.7.4, macOS Sonoma 14.4, macOS Ventura 13.6.5. An app may be able to access sensitive user data.

  • CVE-2020-36702MedJun 7, 2023
    risk 0.36cvss 5.5epss 0.00

    The Ultimate Addons for Gutenberg plugin for WordPress is vulnerable to Authenticated Settings Change in versions up to, and including, 1.14.7. This is due to missing capability checks on several AJAX actions. This makes it possible for authenticated attackers with subscriber+…

  • CVE-2017-6693MedJun 13, 2017
    risk 0.36cvss 5.5epss 0.00

    A vulnerability in the ConfD server component of Cisco Elastic Services Controllers could allow an authenticated, local attacker to access information stored in the file system of an affected system, aka Unauthorized Directory Access. More Information: CSCvd76286. Known Affected…

  • CVE-2026-53844MedJun 16, 2026
    risk 0.35cvss 6.5epss 0.00

    OpenClaw before 2026.4.29 contains a session visibility check bypass vulnerability in shared memory search that allows authenticated callers to access memory entries without proper authorization. Attackers can skip session visibility guards on the search path to retrieve memory…

  • CVE-2026-2381MedJun 16, 2026
    risk 0.35cvss 6.5epss 0.00

    The WooCommerce Stripe Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the `ajax_pay_for_order()` function in all versions up to, and including, 10.7.0 This is due to a missing order ownership or…