Weaknesses of type CWE-862
6,783 resultsCVE-2023-35149MEDIUMA missing permission check in Jenkins Digital.ai App Management Publisher Plugin 2.6 and earlier allows attackers with Overall/Read permissiEPSS 0.7%CVE-2021-3656—A flaw was found in the KVM's AMD code for supporting SVM nested virtualization. The flaw occurs when processing the VMCB (virtual machine cEPSS 0.7%CVE-2022-41254MEDIUMMissing permission checks in Jenkins CONS3RT Plugin 1.0.0 and earlier allow attackers with Overall/Read permission to connect to an attackerEPSS 0.7%CVE-2024-2848HIGHResponsive <= 5.0.2 - Missing Authorization to HTML InjectionEPSS 0.7%CVE-2021-38431MEDIUMAdvantech WebAccess SCADAEPSS 0.7%CVE-2024-2882CRITICALMissing Authorization in SDG Technologies PnPSCADAEPSS 0.7%CVE-2022-36418MEDIUMWordPress HREFLANG Tags Lite Plugin <= 2.0.0 is vulnerable to Broken AuthenticationEPSS 0.7%CVE-2024-21246HIGHVulnerability in the Oracle Service Bus product of Oracle Fusion Middleware (component: OSB Core Functionality). The supported version thaEPSS 0.7%CVE-2021-4347CRITICALAdvanced Shipment Tracking for WooCommerce <= 3.2.6 - Authenticated WordPress Options ChangeEPSS 0.7%CVE-2025-6685HIGHATEN eco DC Missing Authorization Privilege Escalation VulnerabilityEPSS 0.7%CVE-2023-26269HIGHApache James server: Privilege escalation through unauthenticated JMXEPSS 0.7%CVE-2026-40189CRITICALgoshs has a file-based ACL authorization bypass in goshs state-changing routesEPSS 0.7%CVE-2026-2038HIGHGFI Archiver MArc.Core Missing Authorization Authentication Bypass VulnerabilityEPSS 0.7%CVE-2026-28790HIGHOliveTin: Unauthenticated Action Termination via KillAction When Guests Must LoginEPSS 0.7%CVE-2022-0755HIGHMissing Authorization in salesagility/suitecrmEPSS 0.7%CVE-2021-24633—Countdown Block < 1.1.2 - Missing Authorisation in AJAX actionEPSS 0.7%CVE-2021-39347MEDIUMStripe for WooCommerce 3.0.0 - 3.3.9 Missing Authorization Controls to Financial Account HijackingEPSS 0.6%CVE-2021-24500—Workreap theme < 2.2.2 - Multiple CSRF + IDOR VulnerabilitiesEPSS 0.6%CVE-2024-54359HIGHWordPress Banner System plugin <= 1.0.0 - Broken Access Control vulnerabilityEPSS 0.6%CVE-2023-50904MEDIUMWordPress Poll Maker plugin <= 4.8.0 - Broken Access Control vulnerabilityEPSS 0.6%