Weaknesses of type CWE-862

6,730 results
CVE-2023-27963 [HIGH] The issue was addressed with additional permissions checks. This issue is fixed in macOS Ventura 13.3, iOS 16.4 and iPadOS 16.4, iOS 15.7.4 | EPSS 0.8%
CVE-2021-4355 [HIGH] Welcart e-Commerce < 2.2.8 - Missing Capabilities Check to Information Disclosure | EPSS 0.8%
CVE-2023-53740 [HIGH] Screen SFT DAB 1.9.3 Authentication Bypass via Admin Password Change | EPSS 0.8%
CVE-2023-25988 [HIGH] WordPress Video Gallery – YouTube Gallery plugin <= 1.7.6 - Broken Access Control vulnerability | EPSS 0.8%
CVE-2022-41228 [HIGH] A missing permission check in Jenkins NS-ND Integration Performance Publisher Plugin 4.8.0.129 and earlier allows attackers with Overall/Rea | EPSS 0.8%
CVE-2022-41234 [HIGH] Jenkins Rundeck Plugin 3.6.11 and earlier does not protect access to the /plugin/rundeck/webhook/ endpoint, allowing users with Overall/Read | EPSS 0.8%
CVE-2021-44233 SAP GRC Access Control - versions V1100_700, V1100_731, V1200_750, does not perform necessary authorization checks for an authenticated user | EPSS 0.8%
CVE-2021-40502 SAP Commerce - versions 2105.3, 2011.13, 2005.18, 1905.34, does not perform necessary authorization checks for an authenticated user, result | EPSS 0.8%
CVE-2021-4379 [MEDIUM] WooCommerce Multi Currency <= 2.1.17 - Missing Authorization | EPSS 0.8%
CVE-2023-32585 [HIGH] WordPress Portfolio Gallery – Responsive Image Gallery plugin <= 1.4.6 - Broken Access Control vulnerability | EPSS 0.8%
CVE-2023-30490 [HIGH] WordPress Easing Slider plugin <= 3.0.8 - Plugin Settings Reset Vulnerability | EPSS 0.8%
CVE-2025-24143 [MEDIUM] The issue was addressed with improved access restrictions to the file system. This issue is fixed in Safari 18.3, iOS 18.3 and iPadOS 18.3, | EPSS 0.8%
CVE-2021-4383 [HIGH] WP Quick FrontEnd Editor <= 5.5 - Authenticated (Subscriber+) Content Injection | EPSS 0.8%
CVE-2021-32503 Unauthenticated users can access sensitive web URLs through GET request, which should be restricted to maintenance users only. A malicious a | EPSS 0.8%
CVE-2024-29228 [HIGH] Missing authorization vulnerability in GetStmUrlPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 all | EPSS 0.8%
CVE-2024-29229 [HIGH] Missing authorization vulnerability in GetLiveViewPath webapi component in Synology Surveillance Station before 9.2.0-9289 and 9.2.0-11289 a | EPSS 0.8%
CVE-2021-4369 [MEDIUM] Frontend File Manager <= 18.2 - Unauthenticated Content Injection | EPSS 0.8%
CVE-2020-36720 [HIGH] Kali Forms <= 2.1.1 - Missing Authorization to Settings Update | EPSS 0.8%
CVE-2024-27939 [CRITICAL] A vulnerability has been identified in RUGGEDCOM CROSSBOW (All versions < V5.5). The affected systems allow the upload of arbitrary files of | EPSS 0.8%
CVE-2025-24249 [CRITICAL] A permissions issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macO | EPSS 0.8%