Loading...
Loading...
7,611 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
Missing Authorization vulnerability in Fahad Mahmood Injection Guard allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Injection Guard: from n/a through 1.2.1.
Missing Authorization vulnerability in MobileMonkey WP-Chatbot for Messenger allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP-Chatbot for Messenger: from n/a through 4.7.
Missing Authorization vulnerability in Total-Soft Portfolio Gallery – Responsive Image Gallery allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Portfolio Gallery – Responsive Image Gallery: fro…
Missing Authorization vulnerability in Thomas Michalak Soundcloud Is Gold allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Soundcloud Is Gold: from n/a through 2.5.1.
Missing Authorization vulnerability in GS Plugins GS Pins for Pinterest allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects GS Pins for Pinterest: from n/a through 1.6.7.
Missing Authorization vulnerability in Bill Minozzi reCAPTCHA for all allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects reCAPTCHA for all: from n/a through 1.22.
Missing Authorization vulnerability in Booking Ultra Pro Booking Ultra Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Booking Ultra Pro: from n/a through 1.1.12.
Zulip is an open-source team collaboration tool with unique topic-based threading. Zulip administrators can configure Zulip to limit who can add users to streams, and separately to limit who can invite users to the organization. In Zulip S…
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
Missing Authorization vulnerability in 10up Simple Page Ordering allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Simple Page Ordering: from n/a through 2.5.0.
In aee, there is a possible escalation of privilege due to a missing permission check. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALP…
Missing Authorization vulnerability in a3rev Software WooCommerce Predictive Search allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WooCommerce Predictive Search: from n/a through 5.8.0.
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and 1.4.1.
Missing permission checks in Jenkins Team Concert Plugin 2.4.1 and earlier allow attackers with Overall/Read permission to check for the existence of an attacker-specified file path on the Jenkins controller file system.
Missing Authorization vulnerability in Taggbox Taggbox taggbox-widget allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Taggbox: from n/a through <= 3.3.
The SolarWinds Platform was susceptible to the Incorrect Comparison Vulnerability. This vulnerability allows users with administrative access to SolarWinds Web Console to execute arbitrary commands with SYSTEM privileges.
iden3 snarkjs through 0.6.11 allows double spending because there is no validation that the publicSignals length is less than the field modulus.
In Hazelcast through 5.0.4, 5.1 through 5.1.6, and 5.2 through 5.2.3, executor services don't check client permissions properly, allowing authenticated users to execute tasks on members without the required permissions granted.
Missing Authorization vulnerability in Metagauss EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects EventPrime: from n/a through 2.8.6.
Missing Authorization vulnerability in wppal Easy Captcha allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easy Captcha: from n/a through 1.0.
In Harmonic NSG 9000-6G devices, an authenticated remote user can obtain source code by directly requesting a special path.
The Smush plugin for WordPress is vulnerable to unauthorized deletion of the resmush list due to a missing capability check on the delete_resmush_list() function. This makes it possible for authenticated attackers, with minimal permissions…
The MultiParcels Shipping For WooCommerce WordPress plugin before 1.14.14 does not have authorisation when deleting shipment, allowing any authenticated users, such as subscriber to delete arbitrary shipment
In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In music service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In fastDial service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In telephony service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In bluetooth service, there is a missing permission check. This could lead to local information disclosure with no additional execution privileges needed.
In Contacts Service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
In Contacts Service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
In ims service, there is a possible missing permission check. This could lead to local information disclosure with no additional execution privileges
In Contacts service, there is a possible missing permission check.This could lead to local information disclosure with no additional execution privileges
EchelonGraph correlates every CVE — across CWE-862 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →