Vulnerabilities (CVE)

Filtered by CWE-862
Total 3177 CVE
CVE Vendors Products Updated CVSS v2 CVSS v3
CVE-2023-48684 2024-11-21 N/A 7.1 HIGH
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758.
CVE-2023-48683 2024-11-21 N/A 7.1 HIGH
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Linux, macOS, Windows) before build 37758.
CVE-2023-48676 2 Acronis, Microsoft 2 Cyber Protect Cloud Agent, Windows 2024-11-21 N/A 7.1 HIGH
Sensitive information disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect Cloud Agent (Windows) before build 36943.
CVE-2023-48417 1 Google 2 Chromecast, Chromecast Firmware 2024-11-21 N/A 9.8 CRITICAL
Missing Permission checks resulting in unauthorized access and Manipulation in KeyChainActivity Application
CVE-2023-48402 1 Google 1 Android 2024-11-21 N/A 7.8 HIGH
In ppcfw_enable of ppcfw.c, there is a possible EoP due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.
CVE-2023-48375 1 Csharp 1 Cws Collaborative Development Platform 2024-11-21 N/A 8.8 HIGH
SmartStar Software CWS is a web-based integration platform, it has a vulnerability of missing authorization and users are able to access data or perform actions that they should not be allowed to perform via commands. An authenticated with normal user privilege can execute administrator privilege, resulting in performing arbitrary system operations or disrupting service.
CVE-2023-48339 2 Google, Unisoc 14 Android, S8000, Sc7731e and 11 more 2024-11-21 N/A 4.4 MEDIUM
In jpg driver, there is a possible missing permission check. This could lead to local information disclosure with System execution privileges needed
CVE-2023-48280 2024-11-21 N/A 7.5 HIGH
Missing Authorization vulnerability in Consensu.IO Consensu.Io.This issue affects Consensu.Io: from n/a through 1.0.1.
CVE-2023-48273 2024-11-21 N/A 5.3 MEDIUM
Missing Authorization vulnerability in WP OnlineSupport, Essential Plugin Preloader for Website.This issue affects Preloader for Website: from n/a through 1.2.2.
CVE-2023-48247 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-11-21 N/A 5.3 MEDIUM
The vulnerability allows an unauthenticated remote attacker to read arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
CVE-2023-48245 1 Bosch 21 Nexo-os, Nexo Cordless Nutrunner Nxa011s-36v-b \(0608842012\), Nexo Cordless Nutrunner Nxa011s-36v \(0608842011\) and 18 more 2024-11-21 N/A 6.5 MEDIUM
The vulnerability allows an unauthenticated remote attacker to upload arbitrary files under the context of the application OS user (“root”) via a crafted HTTP request.
CVE-2023-47874 2024-11-21 N/A 5.4 MEDIUM
Missing Authorization vulnerability in Perfmatters.This issue affects Perfmatters: from n/a through 2.1.6.
CVE-2023-47870 1 Gvectors 1 Wpforo Forum 2024-11-21 N/A 7.1 HIGH
Cross-Site Request Forgery (CSRF), Missing Authorization vulnerability in gVectors Team wpForo Forum wpforo allows Cross Site Request Forgery, Accessing Functionality Not Properly Constrained by ACLs leading to forced all users log out.This issue affects wpForo Forum: from n/a through 2.2.6.
CVE-2023-47828 1 Millermedia 1 Mandrill 2024-11-21 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Mandrill wpMandrill.This issue affects wpMandrill: from n/a through 1.33.
CVE-2023-47788 2024-11-21 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Automattic Jetpack.This issue affects Jetpack: from n/a before 12.7.
CVE-2023-47783 2024-11-21 N/A 8.3 HIGH
Missing Authorization vulnerability in Thrive Themes Thrive Theme Builder.This issue affects Thrive Theme Builder: from n/a before 3.24.0.
CVE-2023-47771 2024-11-21 N/A 8.3 HIGH
Missing Authorization vulnerability in ThemePunch OHG Essential Grid.This issue affects Essential Grid: from n/a through 3.0.18.
CVE-2023-47770 2024-11-21 N/A 7.6 HIGH
Missing Authorization vulnerability in Muffin Group Betheme.This issue affects Betheme: from n/a through 27.1.1.
CVE-2023-47754 1 Cleverplugins 1 Delete Duplicate Posts 2024-11-21 N/A 4.3 MEDIUM
Missing Authorization vulnerability in Clever plugins Delete Duplicate Posts allows Accessing Functionality Not Properly Constrained by ACLs.This issue affects Delete Duplicate Posts: from n/a through 4.8.9.
CVE-2023-47681 2024-11-21 N/A 6.5 MEDIUM
Missing Authorization vulnerability in QuadLayers WooCommerce Checkout Manager.This issue affects WooCommerce Checkout Manager: from n/a through 7.3.0.