Weaknesses of type CWE-862
6,783 resultsCVE-2024-2035MEDIUMImproper Authorization in zenml-io/zenmlEPSS 0.6%CVE-2024-10008HIGHMasteriyo LMS – eLearning and Online Course Builder for WordPress <= 1.13.3 - Authenticated (Student+) Missing Authorization to Privilege EscalationEPSS 0.6%CVE-2023-3713HIGHProfileGrid <= 5.5.1 - Authenticated (Subscriber+) Arbitrary Option UpdateEPSS 0.6%CVE-2023-54327CRITICALTinycontrol LAN Controller 1.58a Authentication Bypass via Admin Password ChangeEPSS 0.6%CVE-2024-6088MEDIUMLearnPress – WordPress LMS Plugin <= 4.2.6.8.1 - Missing Authorization to Unauthenticated User Registration BypassEPSS 0.6%CVE-2024-3607MEDIUMPropertyHive <= 2.0.12 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post DeletionEPSS 0.6%CVE-2023-22697MEDIUMWordPress Survey Maker plugin <= 3.2.0 - Broken Access Control vulnerabilityEPSS 0.6%CVE-2023-24431MEDIUMA missing permission check in Jenkins Orka by MacStadium Plugin 1.31 and earlier allows attackers with Overall/Read permission to enumerate EPSS 0.6%CVE-2024-21215HIGHVulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected areEPSS 0.6%CVE-2023-40005MEDIUMWordPress Easy Digital Downloads plugin <= 3.1.5 - Broken Access ControlEPSS 0.6%CVE-2026-25242MEDIUMGogs allows unauthenticated file uploadsEPSS 0.6%CVE-2025-27428HIGHDirectory Traversal vulnerability in SAP NetWeaver and ABAP Platform (Service Data Collection)EPSS 0.6%CVE-2023-4637MEDIUMWPvivid <= 0.9.94 - Missing AuthorizationEPSS 0.6%CVE-2026-3360HIGHTutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' ParameterEPSS 0.6%CVE-2023-22708MEDIUMWordPress Kraken.io Image Optimizer plugin <= 2.6.7 - Broken Access Control vulnerabilityEPSS 0.6%CVE-2023-1868MEDIUMYourChannel <= 1.2.3 - Missing Authorization to Plugin Cache ResetEPSS 0.6%CVE-2024-3750HIGHVisualizer: Tables and Charts Manager for WordPress <= 3.10.15 - Missing Authorization to Arbitrary SQL ExecutionEPSS 0.6%CVE-2022-45389MEDIUMA missing permission check in Jenkins XP-Dev Plugin 1.0 and earlier allows unauthenticated attackers to trigger builds of jobs correspondingEPSS 0.6%CVE-2024-10802MEDIUMHash Elements <= 1.4.7 - Missing Authorization to Unauthenticated Draft Post Title ExposureEPSS 0.6%CVE-2024-4888MEDIUMArbitrary File Deletion in BerriAI/litellmEPSS 0.6%