CWE-862: Missing Authorization
7,606 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories.
CVEs classified under CWE-862 (page 32 of 153)
- CVE-2022-4169 | MEDIUM | CVSS 6.5 | EG 5.3 | 2022-11-28
The Theme and plugin translation for Polylang is vulnerable to authorization bypass in versions up to, and including, 3.2.16 due to missing capability checks in the process_polylang_theme_translation_wp_loaded() function. This makes it pos…
- CVE-2022-41692 | MEDIUM | CVSS 4.3 | EG 8.8 | 2022-11-18
Missing Authorization vulnerability in Appointment Hour Booking plugin <= 1.3.71 on WordPress.
- CVE-2022-41695 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-01-17
Missing Authorization vulnerability in SedLex Traffic Manager. This issue affects Traffic Manager: from n/a through 1.4.5.
- CVE-2022-41698 | MEDIUM | CVSS 6.5 | EG 6.5 | 2024-04-17
Missing Authorization vulnerability in Layered If Menu. This issue affects If Menu: from n/a through 0.16.3.
- CVE-2022-41786 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-01-17
Missing Authorization vulnerability in WP Job Portal WP Job Portal – A Complete Job Board. This issue affects WP Job Portal – A Complete Job Board: from n/a through 2.0.1.
- CVE-2022-41790 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-01-17
Missing Authorization vulnerability in CodePeople WP Time Slots Booking Form. This issue affects WP Time Slots Booking Form: from n/a through 1.1.76.
- CVE-2022-41797 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-10-24
Improper authorization in handler for custom URL scheme vulnerability in Lemon8 App for Android versions prior to 3.3.5 and Lemon8 App for iOS versions prior to 3.3.5 allows a remote attacker to lead a user to access an arbitrary website v…
- CVE-2022-41799 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-10-24
Improper access control vulnerability in GROWI prior to v5.1.4 (v5 series) and versions prior to v4.5.25 (v4 series) allows a remote authenticated attacker to bypass access restriction and download the markdown data from the pages set to p…
- CVE-2022-41807 | MEDIUM | CVSS 6.5 | EG 6.5 | 2022-12-05
Missing authorization vulnerability exists in Kyocera Document Solutions MFPs and printers, which may allow a network-adjacent attacker to alter the product settings without authentication by sending a specially crafted request. Affected p…
- CVE-2022-41929 | MEDIUM | CVSS 4.9 | EG 4.9 | 2022-11-23
org.xwiki.platform:xwiki-platform-oldcore is missing authorization in User#setDisabledStatus, which may allow an incorrectly authorized user with only Script rights to enable or disable a user. This operation is meant to only be available …
- CVE-2022-41930 | HIGH | CVSS 7.5 | EG 7.5 | 2022-11-23
org.xwiki.platform:xwiki-platform-user-profile-ui is missing authorization to enable or disable users. Any user (logged in or not) with access to the page XWiki.XWikiUserProfileSheet can enable or disable any user profile. This might allow…
- CVE-2022-41937 | CRITICAL | CVSS 9.6 | EG 9.6 | 2022-11-22
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. The application allows anyone with view access to modify any page of the wiki by importing a crafted XAR package. The problem has been…
- CVE-2022-41995 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-02
Missing Authorization vulnerability in Galleryape Gallery Images Ape allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Gallery Images Ape: from n/a through 2.2.8.
- CVE-2022-4223 | HIGH | CVSS 8.8 | EG 9.0 | 2022-12-13
The pgAdmin server includes an HTTP API that is intended to be used to validate the path a user selects to external PostgreSQL utilities such as pg_dump and pg_restore. The utility is executed by the server to determine what PostgreSQL ver…
- CVE-2022-42488 | HIGH | CVSS 8.4 | EG 7.8 | 2022-10-14
OpenHarmony-v3.1.2 and prior versions have a missing permission validation vulnerability in the param service of the startup subsystem. A malicious application installed on the device could elevate its privileges to the root user, disable securit…
- CVE-2022-42766 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-12-06
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
- CVE-2022-42776 | HIGH | CVSS 7.8 | EG 7.8 | 2022-12-06
In UscAIEngine service, there is a missing permission check. This could lead to set up UscAIEngine service with no additional execution privileges needed.
- CVE-2022-42777 | HIGH | CVSS 7.8 | EG 7.8 | 2022-12-06
In power management service, there is a missing permission check. This could lead to set up power management service with no additional execution privileges needed.
- CVE-2022-42778 | HIGH | CVSS 7.8 | EG 7.8 | 2022-12-06
In windows manager service, there is a missing permission check. This could lead to set up windows manager service with no additional execution privileges needed.
- CVE-2022-42782 | MEDIUM | CVSS 5.5 | EG 5.5 | 2022-12-06
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
- CVE-2022-42884 | MEDIUM | CVSS 5.4 | EG 5.4 | 2024-01-17
Missing Authorization vulnerability in ThemeinProgress WIP Custom Login. This issue affects WIP Custom Login: from n/a through 1.2.7.
- CVE-2022-42903 | LOW | CVSS 3.3 | EG 3.3 | 2022-11-17
Zoho ManageEngine SupportCenter Plus through 11024 allows low-privileged users to view the organization users list.
- CVE-2022-42909 | MEDIUM | CVSS 6.5 | EG 5.4 | 2023-02-03
WEPA Print Away does not verify that a user has authorization to access documents before generating print orders and associated release codes. This could allow an attacker to generate print orders and release codes for documents they don´…
- CVE-2022-43413 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-10-19
Jenkins Job Import Plugin 3.5 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2022-43417 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-10-19
Jenkins Katalon Plugin 1.0.32 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to connect to an attacker-specified URL using attacker-specified credentials IDs obtain…
- CVE-2022-43421 | MEDIUM | CVSS 5.3 | EG 5.3 | 2022-10-19
A missing permission check in Jenkins Tuleap Git Branch Source Plugin 3.2.4 and earlier allows unauthenticated attackers to trigger Tuleap projects whose configured repository matches the attacker-specified value.
- CVE-2022-43427 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-10-19
Jenkins Compuware Topaz for Total Test Plugin 2.4.8 and earlier does not perform permission checks in several HTTP endpoints, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2022-43431 | MEDIUM | CVSS 4.3 | EG 4.3 | 2022-10-19
Jenkins Compuware Strobe Measurement Plugin 1.0.1 and earlier does not perform a permission check in an HTTP endpoint, allowing attackers with Overall/Read permission to enumerate credentials IDs of credentials stored in Jenkins.
- CVE-2022-43453 | HIGH | CVSS 8.8 | EG 8.8 | 2024-06-21
Missing Authorization vulnerability in Bill Minozzi WP Tools. This issue affects WP Tools: from n/a through 3.41.
- CVE-2022-43472 | MEDIUM | CVSS 4.3 | EG 4.3 | 2024-12-13
Missing Authorization vulnerability in StylemixThemes eRoom – Zoom Meetings & Webinar allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects eRoom – Zoom Meetings & Webinar: from n/a through 1.4.6.
- CVE-2022-43476 | MEDIUM | CVSS 4.3 | EG 4.3 | 2025-01-02
Missing Authorization vulnerability in Daniel Söderström / Sidney van de Stouwe Subscribe to Category allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Subscribe to Category: from n/a through 2.7.…
- CVE-2022-43482 | MEDIUM | CVSS 4.3 | EG 8.8 | 2022-11-18
Missing Authorization vulnerability in Appointment Booking Calendar plugin <= 1.3.69 on WordPress.
- CVE-2022-43581 | HIGH | CVSS 7.5 | EG 8.8 | 2022-12-07
IBM Content Navigator 3.0.0, 3.0.1, 3.0.2, 3.0.3, 3.0.4, 3.0.5, 3.0.6, 3.0.7, 3.0.8, 3.0.9, 3.0.10, 3.0.11, and 3.0.12 is vulnerable to missing authorization and could allow an authenticated user to load external plugins and execute code. …
- CVE-2022-4366 | HIGH | CVSS 7.5 | EG 7.5 | 2022-12-08
Missing Authorization in GitHub repository lirantal/daloradius prior to master branch.
- CVE-2022-43685 | HIGH | CVSS 8.8 | EG 8.8 | 2022-11-22
CKAN through 2.9.6 allows account takeovers by unauthenticated users when an existing user id is sent via an HTTP POST request. This allows a user to take over an existing account, including superuser accounts.
- CVE-2022-43712 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-07-26
POST requests to /web/mvc in GX Software XperienCentral version 10.36.0 and earlier were not blocked for users that are not logged in. If an unauthorized user is able to bypass other security filters they are able to post unauthorized data …
- CVE-2022-4384 | MEDIUM | CVSS 6.5 | EG 6.5 | 2023-02-06
The Stream WordPress plugin before 3.9.2 does not prevent users with low privileges on the site (like subscribers) from using its alert creation functionality, which may enable them to leak sensitive information.
- CVE-2022-4385 | MEDIUM | CVSS 4.3 | EG 4.3 | 2023-02-21
The Intuitive Custom Post Order WordPress plugin before 3.1.4 does not check for authorization in the update-menu-order AJAX action, allowing any logged-in user (with roles as low as Subscriber) to update the menu order.
- CVE-2022-43916 | MEDIUM | CVSS 6.8 | EG 6.8 | 2025-01-30
IBM App Connect Enterprise Certified Container 7.1, 7.2, 8.0, 8.1, 8.2, 9.0, 9.1, 9.2, 10.0, 10.1, 11.0, 11.1, 11.2, 11.3, 11.4, 11.5, 11.6, 12.0, 12.1, 12.2, 12.3, 12.4, 12.5, 12.6, and 12.7 Pods do not restrict network egress for Pods th…
- CVE-2022-44009 | HIGH | CVSS 7.5 | EG 7.5 | 2022-12-06
Improper access control in Key-Value RBAC in StackStorm version 3.7.0 didn't check the permissions in Jinja filters, allowing attackers to access K/V pairs of other users, potentially leading to the exposure of sensitive information.
- CVE-2022-44421 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-02-12
In wlan driver, there is a possible missing permission check. This could lead to local information disclosure.
- CVE-2022-44422 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-04
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-44423 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-04
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-44424 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-04
In music service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-44433 | HIGH | CVSS 7.8 | EG 7.8 | 2023-05-09
In phoneEx service, there is a possible missing permission check. This could lead to local escalation of privilege with no additional execution privileges.
- CVE-2022-44434 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-04
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-44435 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-04
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-44436 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-04
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-44437 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-04
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.
- CVE-2022-44438 | MEDIUM | CVSS 5.5 | EG 5.5 | 2023-01-04
In messaging service, there is a missing permission check. This could lead to local denial of service in contacts service with no additional execution privileges needed.