CWE-862 CVEs and Security Vulnerabilities

Filtered by CWE-862

Search

Switch to Advanced Search (Beta)

Total 4694 CVE

CVE	Vendors	Products	Updated	CVSS v3.1
CVE-2024-36246	1 Yokogawa Rental Lease Corporation	2 Unifier, Unifier Cast	2025-04-08	9.8 Critical
Missing authorization vulnerability exists in Unifier and Unifier Cast. If this vulnerability is exploited, arbitrary code may be executed with LocalSystem privilege. As a result, a malicious program may be installed, data may be altered or deleted.
CVE-2024-53258	1 Autolabproject	1 Autolab	2025-04-07	5.3 Medium
Autolab is a course management service that enables auto-graded programming assignments. From Autolab versions v.3.0.0 onward students can download all assignments from another student, as long as they are logged in, using the download_all_submissions feature. This can allow for leakage of submissions to unauthorized users, such as downloading submissions from other students in the class, or even instructor test submissions, given they know their user IDs. This issue has been patched in commit `1aa4c769` which is not yet in a release version, but is expected to be included in version 3.0.3. Users are advised to either manually patch or to wait for version 3.0.3. As a workaround administrators can disable the feature.
CVE-2025-24181	1 Apple	1 Macos	2025-04-07	9.8 Critical
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An app may be able to access protected user data.
CVE-2023-38386	1 Ninjaforms	1 Ninja Forms	2025-04-07	7.6 High
Missing Authorization vulnerability in Saturday Drive Ninja Forms.This issue affects Ninja Forms: from n/a through 3.6.25.
CVE-2025-32217			2025-04-07	5.4 Medium
Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Ai Image Alt Text Generator for WP: from n/a through 1.0.8.
CVE-2025-32218			2025-04-07	5.4 Medium
Missing Authorization vulnerability in RealMag777 TableOn – WordPress Posts Table Filterable allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TableOn – WordPress Posts Table Filterable: from n/a through 1.0.4.
CVE-2023-47826	1 Nicheaddons	2 Restaurant \& Cafe Addon For Elementor, Restaurant And Cafe Addon For Elementor	2025-04-07	6.5 Medium
Missing Authorization vulnerability in NicheAddons Restaurant & Cafe Addon for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Restaurant & Cafe Addon for Elementor: from n/a through 1.5.3.
CVE-2025-31720			2025-04-07	4.3 Medium
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Extended Read permission to copy an agent, gaining access to its configuration.
CVE-2025-31721			2025-04-07	4.3 Medium
A missing permission check in Jenkins 2.503 and earlier, LTS 2.492.2 and earlier allows attackers with Computer/Create permission but without Computer/Configure permission to copy an agent, gaining access to encrypted secrets in its configuration.
CVE-2025-31739			2025-04-07	6.4 Medium
Missing Authorization vulnerability in Manuel Schmalstieg Minimalistic Event Manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Minimalistic Event Manager: from n/a through 1.1.1.
CVE-2025-31768			2025-04-07	6.5 Medium
Missing Authorization vulnerability in OTWthemes Widget Manager Light allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Widget Manager Light: from n/a through 1.18.
CVE-2025-31841			2025-04-07	6.3 Medium
Missing Authorization vulnerability in Frank P. Walentynowicz FPW Category Thumbnails allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects FPW Category Thumbnails: from n/a through 1.9.5.
CVE-2025-31858			2025-04-07	6.5 Medium
Missing Authorization vulnerability in matthewrubin Local Magic allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Local Magic: from n/a through 2.6.0.
CVE-2025-31876			2025-04-07	5.8 Medium
Missing Authorization vulnerability in gunnarpayday Payday allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Payday: from n/a through 3.3.12.
CVE-2025-30916			2025-04-07	6.5 Medium
Missing Authorization vulnerability in enituretechnology Residential Address Detection allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Residential Address Detection: from n/a through 2.5.4.
CVE-2025-31581			2025-04-07	6.5 Medium
Missing Authorization vulnerability in Sandeep Kumar WP Video Playlist allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Video Playlist: from n/a through 1.1.2.
CVE-2025-31746			2025-04-07	6.4 Medium
Missing Authorization vulnerability in Think201 Clients allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Clients: from n/a through 1.1.4.
CVE-2025-31794			2025-04-07	5.4 Medium
Missing Authorization vulnerability in Web Ready Now WR Price List Manager For Woocommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WR Price List Manager For Woocommerce: from n/a through 1.0.8.
CVE-2025-31541			2025-04-07	6.5 Medium
Missing Authorization vulnerability in turitop TuriTop Booking System allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects TuriTop Booking System: from n/a through 1.0.10.
CVE-2025-31729			2025-04-07	6.5 Medium
Missing Authorization vulnerability in jeffikus WooTumblog allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WooTumblog: from n/a through 2.1.4.

« first previous Page 15 of 235. next last »