Weaknesses of type CWE-862

6,730 results
CVE-2024-43998 [MEDIUM] WordPress Blogpoet theme <= 1.0.3 - Broken Access Control vulnerability (EPSS 1.4%)
CVE-2021-24184 Tutor LMS < 1.7.7 - Unprotected AJAX including Privilege Escalation (EPSS 1.4%)
CVE-2024-5326 [HIGH] Post Grid Gutenberg Blocks and WordPress Blog Plugin – PostX <= 4.1.2 - Missing Authorization to Arbitrary Options Update (EPSS 1.4%)
CVE-2017-2652 It was found that there were no permission checks performed in the Distributed Fork plugin before and including 1.5.0 for Jenkins that provi (EPSS 1.4%)
CVE-2022-0871 [HIGH] Missing Authorization in gogs/gogs (EPSS 1.4%)
CVE-2022-27948 [HIGH] Certain Tesla vehicles through 2022-03-26 allow attackers to open the charging port via a 315 MHz RF signal containing a fixed sequence of a (EPSS 1.4%)
CVE-2021-4343 [CRITICAL] uListing <= 1.6.6 - Unauthenticated Arbitrary Account Creation (EPSS 1.4%)
CVE-2021-4370 [CRITICAL] uListing <= 1.6.6 - Missing Authorization (EPSS 1.4%)
CVE-2021-4381 [CRITICAL] uListing <= 1.6.6 - Unauthenticated Options Changes via wp_route (EPSS 1.4%)
CVE-2023-7317 [CRITICAL] Nagios XI < 2024R1 Web SSH Terminal Missing Access Control (EPSS 1.4%)
CVE-2023-31047 [CRITICAL] In Django 3.2 before 3.2.19, 4.x before 4.1.9, and 4.2 before 4.2.1, it was possible to bypass validation when using one form field to uploa (EPSS 1.4%)
CVE-2021-21326 [HIGH] Horizontal Privilege Escalation (EPSS 1.4%)
CVE-2022-4950 [HIGH] Cool Plugins (Various Versions) - Arbitrary Plugin Installation and Activation (EPSS 1.4%)
CVE-2024-25092 [HIGH] WordPress NextMove Lite plugin <= 2.17.0 - Subscriber+ Arbitrary Plugin Installation/Activation vulnerability (EPSS 1.4%)
CVE-2022-41326 [CRITICAL] The web conferencing component of Mitel MiCollab through 9.6.0.13 could allow an unauthenticated attacker to upload arbitrary scripts due to (EPSS 1.4%)
CVE-2022-2373 Simply Schedule Appointments < 1.5.7.7 - Unauthenticated Email Address Disclosure (EPSS 1.4%)
CVE-2021-44793 [HIGH] Information Leakege via Unauthorized Access in Single Connect (EPSS 1.4%)
CVE-2023-6985 [MEDIUM] 10Web AI Assistant – AI content writing assistant <= 1.0.18 - Missing Authorization to Arbitrary Plugin Installation (EPSS 1.4%)
CVE-2022-2376 Directorist < 7.3.1 - Unauthenticated Email Address Disclosure (EPSS 1.4%)
CVE-2023-30586 [HIGH] A privilege escalation vulnerability exists in Node.js 20 that allowed loading arbitrary OpenSSL engines when the experimental permission mo (EPSS 1.3%)