VYPR

CWE-863

Incorrect Authorization

Abstraction: Class · Status: Incomplete · Likelihood of Exploit: High

Description

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
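
The pattern the description names, as an added example that is not code from the VYPR page or from any project in the list below: an edit operation whose authorization check does run but tests the wrong thing (a role-level capability only), beside the corrected check and a matrix test that makes the gap visible. Several entries further down describe this exact shape (a generic permission honoured while the object-level rule is ignored). All names, users, documents and the `EXPECTED` policy are constructed for the example.

```python
"""Added example for CWE-863 (not code from the VYPR page or from any
project listed on it). All names and data are constructed: a small
capability table, a document store, an edit operation that performs an
authorization check but the wrong one, the corrected form, and a matrix
test that surfaces the difference.
"""
from dataclasses import dataclass


@dataclass(frozen=True)
class User:
    id: int
    roles: frozenset


@dataclass(frozen=True)
class Document:
    id: int
    owner_id: int
    body: str


# Constructed sample principals and resources.
USERS = {
    1: User(1, frozenset({"admin"})),
    2: User(2, frozenset({"editor"})),
    3: User(3, frozenset({"subscriber"})),
}
DOCS = {
    10: Document(10, owner_id=2, body="editor's draft"),
    11: Document(11, owner_id=1, body="admin notes"),
}

# Role-level capabilities: the generic permission layer.
CAPABILITIES = {
    "view_documents": {"admin", "editor", "subscriber"},
    "edit_documents": {"admin", "editor"},
    "manage_settings": {"admin"},
}


def has_capability(user, cap):
    """True if any of the user's roles grants the generic capability."""
    return bool(user.roles & CAPABILITIES.get(cap, set()))


def edit_document_vulnerable(user, doc_id, new_body):
    """CWE-863: a check runs, but it is the wrong check.

    Only the role-level capability is tested; the document's owner is never
    consulted, so any editor can rewrite any other user's document.
    """
    if not has_capability(user, "edit_documents"):
        raise PermissionError("edit_documents capability required")
    doc = DOCS[doc_id]
    return Document(doc.id, doc.owner_id, new_body)


def edit_document_fixed(user, doc_id, new_body):
    """Role-level capability plus an object-level rule on the target."""
    if not has_capability(user, "edit_documents"):
        raise PermissionError("edit_documents capability required")
    doc = DOCS[doc_id]
    # Policy: admins may edit any document; everyone else only their own.
    if "admin" not in user.roles and doc.owner_id != user.id:
        raise PermissionError("not the owner of document %d" % doc_id)
    return Document(doc.id, doc.owner_id, new_body)


# The policy the product is supposed to enforce, written out explicitly as
# (user_id, doc_id) -> allowed. This is the oracle the check is tested against.
EXPECTED = {
    (1, 10): True,  (1, 11): True,    # admin edits anything
    (2, 10): True,  (2, 11): False,   # editor edits only own document
    (3, 10): False, (3, 11): False,   # subscriber cannot edit at all
}


def authorization_matrix(edit_fn):
    """Exercise edit_fn for every principal/resource pair, recording the outcome."""
    matrix = {}
    for uid, user in USERS.items():
        for did in DOCS:
            try:
                edit_fn(user, did, "probe")
                matrix[(uid, did)] = True
            except PermissionError:
                matrix[(uid, did)] = False
    return matrix


def unexpected_grants(edit_fn):
    """Pairs the implementation allows but the policy denies: each is a CWE-863 finding."""
    actual = authorization_matrix(edit_fn)
    return sorted(pair for pair, allowed in actual.items()
                  if allowed and not EXPECTED[pair])


if __name__ == "__main__":
    print("vulnerable:", unexpected_grants(edit_document_vulnerable))  # [(2, 11)]
    print("fixed:     ", unexpected_grants(edit_document_fixed))       # []
```

The useful part for a practitioner is `authorization_matrix`: enumerating every principal against every resource and action, then diffing the result against an explicitly written policy, is the check that catches an incorrect authorization decision regardless of which branch of the code got it wrong. A unit test that only confirms "admin can edit" and "subscriber cannot" passes against the vulnerable function; only the full matrix exposes the editor-on-foreign-document grant.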

Hierarchy (View 1000)

CVEs mapped to this weakness (1,530)

page 39 of 77
  • CVE-2024-3722 · Med · May 14, 2024
    risk 0.35 · cvss 5.4 · epss 0.00

    The Swift Performance Lite plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the ajax_handler() function in all versions up to, and including, 2.3.6.18. This makes it possible for authenticated attackers, with subscriber-level access…

  • CVE-2024-22208 · Med · Feb 5, 2024
    risk 0.35 · cvss 6.5 · epss 0.01

    phpMyFAQ is an Open Source FAQ web application for PHP 8.1+ and MySQL, PostgreSQL and other databases. The 'sharing FAQ' functionality allows any unauthenticated actor to misuse the phpMyFAQ application to send arbitrary emails to a large range of targets. The phpMyFAQ…

  • CVE-2023-49273 · Med · Dec 12, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Umbraco is an ASP.NET content management system (CMS). Starting in version 8.0.0 and prior to versions 8.18.10, 10.8.1, and 12.3.4, users with low privileges (Editor, etc.) are able to access some unintended endpoints. Versions 8.18.10, 10.8.1, and 12.3.4 contain a patch for…

  • CVE-2023-46125 · Med · Oct 25, 2023
    risk 0.35 · cvss 6.5 · epss 0.01

    Fides is an open-source privacy engineering platform for managing the fulfillment of data privacy requests in a runtime environment, and the enforcement of privacy regulations in code. The Fides webserver API allows users to retrieve its configuration using the `GET…

  • CVE-2023-35908 · Med · Jul 12, 2023
    risk 0.35 · cvss 6.5 · epss 0.01

    Apache Airflow, versions before 2.6.3, is affected by a vulnerability that allows unauthorized read access to a DAG through the URL. It is recommended to upgrade to a version that is not affected

  • CVE-2023-3574 · Med · Jul 10, 2023
    risk 0.35 · cvss 6.5 · epss 0.00

    Improper Authorization in GitHub repository pimcore/customer-data-framework prior to 3.4.1.

  • CVE-2021-4352 · Med · Jun 7, 2023
    risk 0.35 · cvss 5.3 · epss 0.01

    The JobSearch WP Job Board plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the save_locsettings function in versions up to, and including, 1.8.1. This makes it possible for unauthenticated attackers to change the settings of the…

  • CVE-2020-36710 · Med · Jun 7, 2023
    risk 0.35 · cvss 5.3 · epss 0.01

    The WPS Hide Login plugin for WordPress is vulnerable to login page disclosure even when the settings of the plugin are set to hide the login page making it possible for unauthenticated attackers to brute force credentials on sites in versions up to, and including, 1.5.4.2.

  • CVE-2022-25274 · Med · Apr 26, 2023
    risk 0.35 · cvss 5.4 · epss 0.00

    Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permissions, resulting in some possible access bypass for users who have access to use revisions of content generally, but who do not have…

  • CVE-2023-25768 · Med · Feb 15, 2023
    risk 0.35 · cvss 6.5 · epss 0.01

    A missing permission check in Jenkins Azure Credentials Plugin 253.v887e0f9e898b and earlier allows attackers with Overall/Read permission to connect to an attacker-specified web server.

  • CVE-2023-0298 · Med · Jan 14, 2023
    risk 0.35 · cvss 6.5 · epss 0.01

    Incorrect Authorization in GitHub repository firefly-iii/firefly-iii prior to 5.8.0.

  • CVE-2022-45383 · Med · Nov 15, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    An incorrect permission check in Jenkins Support Core Plugin 1206.v14049fa_b_d860 and earlier allows attackers with Support/DownloadBundle permission to download a previously created support bundle containing information limited to users with Overall/Administer permission.

  • CVE-2022-35692 · Med · Aug 19, 2022
    risk 0.35 · cvss 5.3 · epss 0.01

    Adobe Commerce versions 2.4.3-p2 (and earlier), 2.3.7-p3 (and earlier) and 2.4.4 (and earlier) are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to leak minor information of…

  • CVE-2022-31153 · Med · Jul 15, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts (vanilla and…

  • CVE-2022-0574 · Med · May 16, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Improper Access Control in GitHub repository publify/publify prior to 9.2.8.

  • CVE-2022-1365 · Med · Apr 15, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Exposure of Private Personal Information to an Unauthorized Actor in GitHub repository lquixada/cross-fetch prior to 3.1.5.

  • CVE-2022-0528 · Med · Mar 3, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Server-Side Request Forgery (SSRF) in GitHub repository transloadit/uppy prior to 3.3.1.

  • CVE-2021-3658 · Med · Mar 2, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a device is powered down while discoverable, it will be discoverable when powered on again. This could lead to inadvertent exposure of the…

  • CVE-2022-0577 · Med · Mar 2, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository scrapy/scrapy prior to 2.6.1.

  • CVE-2022-0731 · Med · Feb 23, 2022
    risk 0.35 · cvss 6.5 · epss 0.01

    Improper Access Control (IDOR) in GitHub repository dolibarr/dolibarr prior to 16.0.