Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
Vulnerability Details :

CVE-2022-36024

Summary
Assigner-GitHub_M
Assigner Org ID-a0819718-46f1-4df5-94e2-005712e83aaa
Published At-18 Aug, 2022 | 14:45
Updated At-23 Apr, 2025 | 17:49
Rejected At-
Credits

Bots using py-cord as discord api wrapper are vulnerable to shutdowns through remote code execution

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.

Vendors
-
Not available
Products
-
Metrics (CVSS)
VersionBase scoreBase severityVector
Weaknesses
Attack Patterns
Solution/Workaround
References
HyperlinkResource Type
EPSS History
Score
Latest Score
-
N/A
No data available for selected date range
Percentile
Latest Percentile
-
N/A
No data available for selected date range
Stakeholder-Specific Vulnerability Categorization (SSVC)
▼Common Vulnerabilities and Exposures (CVE)
cve.org
Assigner:GitHub_M
Assigner Org ID:a0819718-46f1-4df5-94e2-005712e83aaa
Published At:18 Aug, 2022 | 14:45
Updated At:23 Apr, 2025 | 17:49
Rejected At:
▼CVE Numbering Authority (CNA)
Bots using py-cord as discord api wrapper are vulnerable to shutdowns through remote code execution

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.

Affected Products
Vendor
Pycord-Development
Product
pycord
Versions
Affected
  • = 2.0.0
Problem Types
TypeCWE IDDescription
CWECWE-862CWE-862: Missing Authorization
CWECWE-284CWE-284: Improper Access Control
Type: CWE
CWE ID: CWE-862
Description: CWE-862: Missing Authorization
Type: CWE
CWE ID: CWE-284
Description: CWE-284: Improper Access Control
Metrics
VersionBase scoreBase severityVector
3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr
x_refsource_CONFIRM
https://github.com/Pycord-Development/pycord/pull/1568
x_refsource_MISC
Hyperlink: https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr
Resource:
x_refsource_CONFIRM
Hyperlink: https://github.com/Pycord-Development/pycord/pull/1568
Resource:
x_refsource_MISC
▼Authorized Data Publishers (ADP)
1. CVE Program Container
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr
x_refsource_CONFIRM
x_transferred
https://github.com/Pycord-Development/pycord/pull/1568
x_refsource_MISC
x_transferred
Hyperlink: https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr
Resource:
x_refsource_CONFIRM
x_transferred
Hyperlink: https://github.com/Pycord-Development/pycord/pull/1568
Resource:
x_refsource_MISC
x_transferred
2. CISA ADP Vulnrichment
Affected Products
Metrics
VersionBase scoreBase severityVector
Metrics Other Info
Impacts
CAPEC IDDescription
Solutions

Configurations

Workarounds

Exploits

Credits

Timeline
EventDate
Replaced By

Rejected Reason

References
HyperlinkResource
Information is not available yet
▼National Vulnerability Database (NVD)
nvd.nist.gov
Source:security-advisories@github.com
Published At:18 Aug, 2022 | 15:15
Updated At:09 Dec, 2022 | 18:42

py-cord is a an API wrapper for Discord written in Python. Bots creating using py-cord version 2.0.0 are vulnerable to remote shutdown if they are added to the server with the `application.commands` scope without the `bot` scope. Currently, it appears that all public bots that use slash commands are affected. This issue has been patched in version 2.0.1. There are currently no recommended workarounds - please upgrade to a patched version.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Primary3.16.5MEDIUM
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Secondary3.17.5HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Type: Primary
Version: 3.1
Base score: 6.5
Base severity: MEDIUM
Vector:
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
Type: Secondary
Version: 3.1
Base score: 7.5
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CPE Matches

pycord_development
pycord_development
>>pycord>>2.0.0
cpe:2.3:a:pycord_development:pycord:2.0.0:*:*:*:*:discord:*:*
Weaknesses
CWE IDTypeSource
CWE-284Primarysecurity-advisories@github.com
CWE-862Primarysecurity-advisories@github.com
CWE-862Secondarynvd@nist.gov
CWE ID: CWE-284
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-862
Type: Primary
Source: security-advisories@github.com
CWE ID: CWE-862
Type: Secondary
Source: nvd@nist.gov
Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References
HyperlinkSourceResource
https://github.com/Pycord-Development/pycord/pull/1568security-advisories@github.com
Patch
Third Party Advisory
https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmrsecurity-advisories@github.com
Third Party Advisory
Hyperlink: https://github.com/Pycord-Development/pycord/pull/1568
Source: security-advisories@github.com
Resource:
Patch
Third Party Advisory
Hyperlink: https://github.com/Pycord-Development/pycord/security/advisories/GHSA-qmhj-m29v-gvmr
Source: security-advisories@github.com
Resource:
Third Party Advisory

Change History

0
Information is not available yet

Similar CVEs

112Records found

CVE-2022-45431
Matching Score-4
Assigner-Dahua Technologies
ShareView Details
Matching Score-4
Assigner-Dahua Technologies
CVSS Score-7.5||HIGH
EPSS-0.03% / 8.16%
||
7 Day CHG~0.00%
Published-27 Dec, 2022 | 00:00
Updated-11 Apr, 2025 | 23:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Some Dahua software products have a vulnerability of unauthenticated restart of remote DSS Server. After bypassing the firewall access control policy, by sending a specific crafted packet to the vulnerable interface, an attacker could unauthenticated restart of remote DSS Server.

Action-Not Available
Vendor-n/aLinux Kernel Organization, IncDahua Technology Co., Ltd
Product-linux_kerneldhi-dss4004-s2_firmwaredss_expressdss_professionaldhi-dss4004-s2dhi-dss7016d-s2dhi-dss7016dr-s2_firmwaredhi-dss7016dr-s2dhi-dss7016d-s2_firmwareDSS Professional, DSS Express, DHI-DSS7016D-S2/DHI-DSS7016DR-S2, DHI-DSS4004-S2
CWE ID-CWE-284
Improper Access Control
CVE-2022-27660
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-9.3||CRITICAL
EPSS-0.47% / 63.56%
||
7 Day CHG~0.00%
Published-05 Aug, 2022 | 21:19
Updated-15 Apr, 2025 | 18:53
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the confctl_set_guest_wlan functionality of TCL LinkHub Mesh Wi-Fi MS1G_00_01.00_14. A specially-crafted network packet can lead to denial of service. An attacker can send packets to trigger this vulnerability.

Action-Not Available
Vendor-TCL
Product-linkhub_mesh_wifi_ac1200LinkHub Mesh Wifi
CWE ID-CWE-284
Improper Access Control
CVE-2024-22807
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-6.5||MEDIUM
EPSS-0.11% / 29.45%
||
7 Day CHG~0.00%
Published-22 Apr, 2024 | 00:00
Updated-01 Aug, 2024 | 22:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Tormach xsTECH CNC Router, PathPilot Controller v2.9.6 allows attackers to erase a critical sector of the flash memory, causing the machine to lose network connectivity and suffer from firmware corruption.

Action-Not Available
Vendor-n/atormach
Product-n/apilotpath_controller
CWE ID-CWE-284
Improper Access Control
CVE-2025-54679
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 14:41
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Neon Channel Product Customizer Free Plugin <= 2.0 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in vertim Neon Channel Product Customizer Free allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Neon Channel Product Customizer Free: from n/a through 2.0.

Action-Not Available
Vendor-vertim
Product-Neon Channel Product Customizer Free
CWE ID-CWE-862
Missing Authorization
CVE-2023-39228
Matching Score-4
Assigner-Intel Corporation
ShareView Details
Matching Score-4
Assigner-Intel Corporation
CVSS Score-5.3||MEDIUM
EPSS-0.11% / 29.69%
||
7 Day CHG~0.00%
Published-14 Nov, 2023 | 19:04
Updated-30 Aug, 2024 | 17:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Improper access control for some Intel Unison software may allow an unauthenticated user to potentially enable denial of service via network access.

Action-Not Available
Vendor-n/aIntel CorporationApple Inc.Google LLCMicrosoft Corporation
Product-androidwindowsunison_softwareiphone_osIntel Unison software
CWE ID-CWE-284
Improper Access Control
CVE-2022-22183
Matching Score-4
Assigner-Juniper Networks, Inc.
ShareView Details
Matching Score-4
Assigner-Juniper Networks, Inc.
CVSS Score-7.5||HIGH
EPSS-1.16% / 77.70%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 15:50
Updated-16 Sep, 2024 | 20:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Junos OS Evolved: A remote attacker may cause a CPU Denial of Service by sending genuine traffic to a device on a specific IPv4 port.

An Improper Access Control vulnerability in Juniper Networks Junos OS Evolved allows a network-based unauthenticated attacker who is able to connect to a specific open IPv4 port, which in affected releases should otherwise be unreachable, to cause the CPU to consume all resources as more traffic is sent to the port to create a Denial of Service (DoS) condition. Continued receipt and processing of these packets will create a sustained Denial of Service (DoS) condition. This issue affects: Juniper Networks Junos OS Evolved 20.4 versions prior to 20.4R3-S2-EVO; 21.1 versions prior to 21.1R3-S1-EVO; 21.2 versions prior to 21.2R3-EVO; 21.3 versions prior to 21.3R2-EVO; 21.4 versions prior to 21.4R2-EVO. This issue does not affect Junos OS.

Action-Not Available
Vendor-Juniper Networks, Inc.
Product-junos_os_evolvedJunos OSJunos OS Evolved
CWE ID-CWE-200
Exposure of Sensitive Information to an Unauthorized Actor
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-16
Not Available
CVE-2025-48334
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.04% / 11.04%
||
7 Day CHG~0.00%
Published-30 May, 2025 | 08:42
Updated-04 Jun, 2025 | 18:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woo Slider Pro <= 1.12 - Arbitrary Content Deletion Vulnerability

Missing Authorization vulnerability in BinaryCarpenter Woo Slider Pro allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Woo Slider Pro: from n/a through 1.12. Affected action "woo_slide_pro_delete_slider".

Action-Not Available
Vendor-binarycarpenterBinaryCarpenter
Product-woo_slider_proWoo Slider Pro
CWE ID-CWE-862
Missing Authorization
CVE-2025-49234
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 16.89%
||
7 Day CHG+0.01%
Published-17 Jun, 2025 | 15:01
Updated-17 Jun, 2025 | 20:50
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Dummy Content Generator plugin <= 3.4.6 - Arbitrary User Deletion vulnerability

Missing Authorization vulnerability in Deepak anand WP Dummy Content Generator allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Dummy Content Generator: from n/a through 3.4.6.

Action-Not Available
Vendor-Deepak anand
Product-WP Dummy Content Generator
CWE ID-CWE-862
Missing Authorization
CVE-2018-10865
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-7.5||HIGH
EPSS-0.98% / 75.78%
||
7 Day CHG~0.00%
Published-26 May, 2021 | 18:03
Updated-05 Aug, 2024 | 07:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

It was discovered that the /configuration view of redhat-certification 7 does not perform an authorization check and it allows an unauthenticated user to call a "restart" RPC method on any host accessible by the system, even if not belonging to him.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-certificationredhat-certification
CWE ID-CWE-862
Missing Authorization
CVE-2025-48257
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 16.89%
||
7 Day CHG~0.00%
Published-19 May, 2025 | 14:45
Updated-21 May, 2025 | 20:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Projectopia <= 5.1.17 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Projectopia Projectopia allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Projectopia: from n/a through 5.1.17.

Action-Not Available
Vendor-Projectopia
Product-Projectopia
CWE ID-CWE-862
Missing Authorization
CVE-2020-18757
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.39%
||
7 Day CHG~0.00%
Published-13 Aug, 2021 | 16:08
Updated-04 Aug, 2024 | 14:08
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue in Dut Computer Control Engineering Co.'s PLC MAC1100 allows attackers to cause persistent denial of service (DOS) via a crafted packet.

Action-Not Available
Vendor-dccen/a
Product-mac1100_plc_firmwaremac1100_plcn/a
CWE ID-CWE-862
Missing Authorization
CVE-2022-0404
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.26% / 48.69%
||
7 Day CHG~0.00%
Published-04 Apr, 2022 | 15:35
Updated-02 Aug, 2024 | 23:25
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Material Design for Contact Form 7 <= 2.6.4 - Subscriber+ Arbitrary Settings Update leading to DoS

The Material Design for Contact Form 7 WordPress plugin through 2.6.4 does not check authorization or that the option mentioned in the notice param belongs to the plugin when processing requests to the cf7md_dismiss_notice action, allowing any logged in user (with roles as low as Subscriber) to set arbitrary options to true, potentially leading to Denial of Service by breaking the site.

Action-Not Available
Vendor-material_design_for_contact_form_7_projectUnknown
Product-material_design_for_contact_form_7Material Design for Contact Form 7
CWE ID-CWE-862
Missing Authorization
CVE-2025-32929
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-15 Apr, 2025 | 11:58
Updated-15 Apr, 2025 | 18:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Barcode Generator for WooCommerce plugin <= 2.0.4 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Dmitry V. (CEO of "UKR Solution") Barcode Generator for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Barcode Generator for WooCommerce: from n/a through 2.0.4.

Action-Not Available
Vendor-Dmitry V. (CEO of "UKR Solution")
Product-Barcode Generator for WooCommerce
CWE ID-CWE-862
Missing Authorization
CVE-2025-33056
Matching Score-4
Assigner-Microsoft Corporation
ShareView Details
Matching Score-4
Assigner-Microsoft Corporation
CVSS Score-7.5||HIGH
EPSS-0.14% / 34.53%
||
7 Day CHG~0.00%
Published-10 Jun, 2025 | 17:02
Updated-11 Jul, 2025 | 16:36
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Windows Local Security Authority (LSA) Denial of Service Vulnerability

Improper access control in Microsoft Local Security Authority Server (lsasrv) allows an unauthorized attacker to deny service over a network.

Action-Not Available
Vendor-Microsoft Corporation
Product-windows_10_1507windows_server_2022_23h2windows_10_1607windows_10_21h2windows_server_2008windows_server_2012windows_server_2019windows_11_23h2windows_server_2022windows_11_24h2windows_10_1809windows_server_2025windows_server_2016windows_11_22h2windows_10_22h2Windows Server 2008 Service Pack 2Windows 10 Version 1607Windows Server 2008 Service Pack 2Windows 11 Version 23H2Windows Server 2008 R2 Service Pack 1Windows Server 2012 R2 (Server Core installation)Windows 11 version 22H2Windows Server 2022Windows Server 2016 (Server Core installation)Windows Server 2025Windows Server 2012Windows 10 Version 22H2Windows 11 Version 24H2Windows 10 Version 1809Windows Server 2025 (Server Core installation)Windows Server 2012 R2Windows Server 2008 R2 Service Pack 1 (Server Core installation)Windows Server 2016Windows Server 2012 (Server Core installation)Windows 11 version 22H3Windows Server 2019Windows Server 2019 (Server Core installation)Windows Server 2022, 23H2 Edition (Server Core installation)Windows Server 2008 Service Pack 2 (Server Core installation)Windows 10 Version 1507Windows 10 Version 21H2
CWE ID-CWE-284
Improper Access Control
CVE-2025-32796
Matching Score-4
Assigner-GitHub, Inc.
ShareView Details
Matching Score-4
Assigner-GitHub, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.06% / 20.10%
||
7 Day CHG~0.00%
Published-18 Apr, 2025 | 16:06
Updated-30 Apr, 2025 | 16:12
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Dify Allows Unauthorized APP Enable/Disable via API

Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and normal users are not permitted to make such changes. This access control flaw allows non-admin users to make unauthorized changes, which can disrupt the functionality and availability of the APPS. This issue has been patched in version 0.6.12. A workaround for this vulnerability involves updating the API access control mechanisms to enforce stricter user role permissions and implementing role-based access controls (RBAC) to ensure that only users with admin privileges can send enable or disable requests for apps.

Action-Not Available
Vendor-langgeniuslanggenius
Product-difydify
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-863
Incorrect Authorization
CVE-2020-13296
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.33% / 54.98%
||
7 Day CHG~0.00%
Published-29 Sep, 2020 | 15:54
Updated-04 Aug, 2024 | 12:11
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An issue has been discovered in GitLab affecting versions >=10.7 <13.0.14, >=13.1.0 <13.1.8, >=13.2.0 <13.2.6. Improper Access Control for Deploy Tokens

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-862
Missing Authorization
CVE-2025-32470
Matching Score-4
Assigner-SICK AG
ShareView Details
Matching Score-4
Assigner-SICK AG
CVSS Score-7.5||HIGH
EPSS-0.17% / 39.12%
||
7 Day CHG~0.00%
Published-28 Apr, 2025 | 09:07
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated change of IP adress

A remote unauthenticated attacker may be able to change the IP adress of the device, and therefore affecting the availability of the device.

Action-Not Available
Vendor-SICK AG
Product-SICK FLX0-GPNT100SICK FLX3-CPUC200
CWE ID-CWE-284
Improper Access Control
CVE-2025-31909
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-03 Apr, 2025 | 13:27
Updated-07 Apr, 2025 | 14:18
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Apptivo Business Site CRM plugin <= 5.3 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in NotFound Apptivo Business Site CRM allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Apptivo Business Site CRM: from n/a through 5.3.

Action-Not Available
Vendor-NotFound
Product-Apptivo Business Site CRM
CWE ID-CWE-862
Missing Authorization
CVE-2021-47662
Matching Score-4
Assigner-CERT@VDE
ShareView Details
Matching Score-4
Assigner-CERT@VDE
CVSS Score-7.5||HIGH
EPSS-0.15% / 35.76%
||
7 Day CHG+0.02%
Published-24 Apr, 2025 | 09:25
Updated-29 Apr, 2025 | 13:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Unauthenticated remote shutdown of the cobot

Due to missing authorization an unauthenticated remote attacker can cause a DoS attack by connecting via HTTPS and triggering the shutdown button.

Action-Not Available
Vendor-Franka Robotics
Product-Franka Emika Robot
CWE ID-CWE-862
Missing Authorization
CVE-2025-32208
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.04%
||
7 Day CHG~0.00%
Published-10 Apr, 2025 | 08:09
Updated-11 Apr, 2025 | 15:39
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Hive Support plugin <= 1.2.2 - Broken Access Control vulnerability

Missing Authorization vulnerability in Hive Support Hive Support allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Hive Support: from n/a through 1.2.2.

Action-Not Available
Vendor-Hive Support
Product-Hive Support
CWE ID-CWE-862
Missing Authorization
CVE-2025-31425
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.05% / 16.59%
||
7 Day CHG~0.00%
Published-14 Aug, 2025 | 10:34
Updated-14 Aug, 2025 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Lead Capturing Pages plugin <= 2.3 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in kamleshyadav WP Lead Capturing Pages allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Lead Capturing Pages: from n/a through 2.3.

Action-Not Available
Vendor-kamleshyadav
Product-WP Lead Capturing Pages
CWE ID-CWE-862
Missing Authorization
CVE-2023-30490
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.18% / 40.43%
||
7 Day CHG~0.00%
Published-13 Dec, 2024 | 14:23
Updated-13 Dec, 2024 | 20:37
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Easing Slider plugin <= 3.0.8 - Plugin Settings Reset Vulnerability

Missing Authorization vulnerability in Matthew Ruddy Easing Slider allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Easing Slider : from n/a through 3.0.8.

Action-Not Available
Vendor-Matthew Ruddy
Product-Easing Slider
CWE ID-CWE-862
Missing Authorization
CVE-2025-31377
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-7.5||HIGH
EPSS-0.08% / 24.14%
||
7 Day CHG~0.00%
Published-09 Apr, 2025 | 16:10
Updated-09 Apr, 2025 | 20:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Woo Product Feed For Marketing Channels <= 1.9.0 - Broken Access Control Vulnerability

Missing Authorization vulnerability in Asaquzzaman mishu Woo Product Feed For Marketing Channels allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Woo Product Feed For Marketing Channels: from n/a through 1.9.0.

Action-Not Available
Vendor-Asaquzzaman mishu
Product-Woo Product Feed For Marketing Channels
CWE ID-CWE-862
Missing Authorization
CVE-2021-44467
Matching Score-4
Assigner-Nozomi Networks Inc.
ShareView Details
Matching Score-4
Assigner-Nozomi Networks Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.04% / 12.60%
||
7 Day CHG~0.00%
Published-24 Oct, 2022 | 00:00
Updated-07 May, 2025 | 15:48
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
spx_restservice KillDupUsr_func Broken Access Control

A broken access control vulnerability in the KillDupUsr_func function of spx_restservice allows an attacker to arbitrarily terminate active sessions of other users, causing a Denial-of-Service (DoS) condition, if an input parameter is correctly guessed. This issue affects: Lanner Inc IAC-AST2500A standard firmware version 1.10.0.

Action-Not Available
Vendor-lannerincLanner Inc
Product-iac-ast2500a_firmwareiac-ast2500aIAC-AST2500A
CWE ID-CWE-284
Improper Access Control
CVE-2025-29448
Matching Score-4
Assigner-MITRE Corporation
ShareView Details
Matching Score-4
Assigner-MITRE Corporation
CVSS Score-7.5||HIGH
EPSS-0.06% / 19.49%
||
7 Day CHG~0.00%
Published-07 May, 2025 | 00:00
Updated-09 Jul, 2025 | 01:28
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Booking logic flaw in Easy!Appointments v1.5.1 allows unauthenticated attackers to create appointments with excessively long durations, causing a denial of service by blocking all future booking availability.

Action-Not Available
Vendor-easyappointmentsn/a
Product-easy\!appointmentsn/a
CWE ID-CWE-284
Improper Access Control
CVE-2021-42359
Matching Score-4
Assigner-Wordfence
ShareView Details
Matching Score-4
Assigner-Wordfence
CVSS Score-7.5||HIGH
EPSS-1.45% / 79.95%
||
7 Day CHG~0.00%
Published-05 Nov, 2021 | 19:44
Updated-14 Feb, 2025 | 17:52
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WP DSGVO Tools (GDPR) <= 3.1.23 Unauthenticated Arbitrary Post Deletion

WP DSGVO Tools (GDPR) <= 3.1.23 had an AJAX action, ‘admin-dismiss-unsubscribe‘, which lacked a capability check and a nonce check and was available to unauthenticated users, and did not check the post type when deleting unsubscription requests. As such, it was possible for an attacker to permanently delete an arbitrary post or page on the site by sending an AJAX request with the “action” parameter set to “admin-dismiss-unsubscribe” and the “id” parameter set to the post to be deleted. Sending such a request would move the post to the trash, and repeating the request would permanently delete the post in question.

Action-Not Available
Vendor-legalweblegalweb
Product-wp_dsgvo_toolsWP DSGVO Tools (GDPR)
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-862
Missing Authorization
CVE-2025-27310
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 22.04%
||
7 Day CHG~0.00%
Published-17 Apr, 2025 | 15:48
Updated-17 Apr, 2025 | 20:21
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Page and Post Lister plugin <= 1.2.1 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Radius of Thought Page and Post Lister allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Page and Post Lister: from n/a through 1.2.1.

Action-Not Available
Vendor-Radius of Thought
Product-Page and Post Lister
CWE ID-CWE-862
Missing Authorization
CVE-2021-40405
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.7||HIGH
EPSS-0.14% / 34.90%
||
7 Day CHG~0.00%
Published-14 Apr, 2022 | 19:56
Updated-15 Apr, 2025 | 19:07
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A denial of service vulnerability exists in the cgiserver.cgi Upgrade API functionality of Reolink RLC-410W v3.0.0.136_20121102. A specially-crafted HTTP request can lead to a reboot. An attacker can send an HTTP request to trigger this vulnerability.

Action-Not Available
Vendor-Reolink Innovation Limited
Product-rlc-410w_firmwarerlc-410wRLC-410W
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-404
Improper Resource Shutdown or Release
CVE-2021-39893
Matching Score-4
Assigner-GitLab Inc.
ShareView Details
Matching Score-4
Assigner-GitLab Inc.
CVSS Score-5.3||MEDIUM
EPSS-0.40% / 59.53%
||
7 Day CHG~0.00%
Published-05 Oct, 2021 | 12:18
Updated-04 Aug, 2024 | 02:20
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A potential DOS vulnerability was discovered in GitLab starting with version 9.1 that allowed parsing files without authorisation.

Action-Not Available
Vendor-GitLab Inc.
Product-gitlabGitLab
CWE ID-CWE-862
Missing Authorization
CVE-2020-10641
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.25% / 48.29%
||
7 Day CHG~0.00%
Published-28 Apr, 2020 | 18:22
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An unprotected logging route may allow an attacker to write endless log statements into the database without space limits or authentication. This results in consuming the entire available hard-disk space on the Ignition 8 Gateway (versions prior to 8.0.10), causing a denial-of-service condition.

Action-Not Available
Vendor-inductiveautomationn/a
Product-ignition_gatewayIgnition 8 Gateway
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-306
Missing Authentication for Critical Function
CVE-2020-10701
Matching Score-4
Assigner-Red Hat, Inc.
ShareView Details
Matching Score-4
Assigner-Red Hat, Inc.
CVSS Score-6.5||MEDIUM
EPSS-0.25% / 48.23%
||
7 Day CHG~0.00%
Published-27 May, 2021 | 18:45
Updated-04 Aug, 2024 | 11:06
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

A missing authorization flaw was found in the libvirt API responsible for changing the QEMU agent response timeout. This flaw allows read-only connections to adjust the time that libvirt waits for the QEMU guest agent to respond to agent commands. Depending on the timeout value that is set, this flaw can make guest agent commands fail because the agent cannot respond in time. Unprivileged users with a read-only connection could abuse this flaw to set the response timeout for all guest agent messages to zero, potentially leading to a denial of service. This flaw affects libvirt versions before 6.2.0.

Action-Not Available
Vendor-n/aRed Hat, Inc.
Product-libvirtlibvirt
CWE ID-CWE-862
Missing Authorization
CVE-2023-24524
Matching Score-4
Assigner-SAP SE
ShareView Details
Matching Score-4
Assigner-SAP SE
CVSS Score-6.5||MEDIUM
EPSS-0.12% / 32.30%
||
7 Day CHG~0.00%
Published-14 Feb, 2023 | 03:17
Updated-20 Mar, 2025 | 20:30
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

SAP S/4 HANA Map Treasury Correspondence Format Data does not perform necessary authorization check for an authenticated user, resulting in escalation of privileges. This could allow an attacker to delete the data with a high impact to availability.

Action-Not Available
Vendor-SAP SE
Product-s\/4hanaS/4 HANA (Map Treasury Correspondence Format Data)
CWE ID-CWE-862
Missing Authorization
CVE-2022-3065
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
ShareView Details
Matching Score-4
Assigner-Protect AI (formerly huntr.dev)
CVSS Score-5.3||MEDIUM
EPSS-0.10% / 29.16%
||
7 Day CHG~0.00%
Published-02 Sep, 2022 | 18:15
Updated-03 Aug, 2024 | 01:00
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Improper Access Control in jgraph/drawio

Improper Access Control in GitHub repository jgraph/drawio prior to 20.2.8.

Action-Not Available
Vendor-diagramsjgraph
Product-drawiojgraph/drawio
CWE ID-CWE-284
Improper Access Control
CVE-2019-6554
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
ShareView Details
Matching Score-4
Assigner-Cybersecurity and Infrastructure Security Agency (CISA) Industrial Control Systems (ICS)
CVSS Score-7.5||HIGH
EPSS-0.23% / 45.53%
||
7 Day CHG~0.00%
Published-05 Apr, 2019 | 18:15
Updated-04 Aug, 2024 | 20:23
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Advantech WebAccess/SCADA, Versions 8.3.5 and prior. An improper access control vulnerability may allow an attacker to cause a denial-of-service condition.

Action-Not Available
Vendor-Advantech (Advantech Co., Ltd.)
Product-webaccessWebAccess/SCADA
CWE ID-CWE-284
Improper Access Control
CVE-2019-5036
Matching Score-4
Assigner-Talos
ShareView Details
Matching Score-4
Assigner-Talos
CVSS Score-7.5||HIGH
EPSS-0.03% / 6.37%
||
7 Day CHG~0.00%
Published-20 Aug, 2019 | 21:08
Updated-04 Aug, 2024 | 19:40
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

An exploitable denial-of-service vulnerability exists in the Weave error reporting functionality of the Nest Cam IQ Indoor, version 4620002. A specially crafted weave packets can cause an arbitrary Weave Exchange Session to close, resulting in a denial of service. An attacker can send a specially crafted packet to trigger this vulnerability.

Action-Not Available
Vendor-n/aGoogle LLC
Product-nest_cam_iq_indoor_firmwarenest_cam_iq_indoorNest Labs
CWE ID-CWE-284
Improper Access Control
CWE ID-CWE-346
Origin Validation Error
CVE-2019-3936
Matching Score-4
Assigner-Tenable Network Security, Inc.
ShareView Details
Matching Score-4
Assigner-Tenable Network Security, Inc.
CVSS Score-7.5||HIGH
EPSS-1.82% / 82.13%
||
7 Day CHG~0.00%
Published-30 Apr, 2019 | 20:35
Updated-04 Aug, 2024 | 19:26
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Crestron AM-100 with firmware 1.6.0.2 and AM-101 with firmware 2.7.0.2 is vulnerable to denial of service via a crafted request to TCP port 389. The request will force the slideshow to transition into a "stopped" state. A remote, unauthenticated attacker can use this vulnerability to stop an active slideshow.

Action-Not Available
Vendor-Crestron Electronics, Inc.
Product-am-101am-100am-101_firmwaream-100_firmwareCrestron AirMedia
CWE ID-CWE-284
Improper Access Control
CVE-2025-24580
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 23.09%
||
7 Day CHG~0.00%
Published-24 Jan, 2025 | 17:24
Updated-24 Jan, 2025 | 19:02
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress 12 Step Meeting List plugin <= 3.16.5 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Code for Recovery 12 Step Meeting List allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects 12 Step Meeting List: from n/a through 3.16.5.

Action-Not Available
Vendor-Code for Recovery
Product-12 Step Meeting List
CWE ID-CWE-862
Missing Authorization
CVE-2025-23534
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-14 Feb, 2025 | 12:44
Updated-14 Feb, 2025 | 15:45
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WPLingo plugin <= 1.1.2 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Mark Winiarski WPLingo allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WPLingo: from n/a through 1.1.2.

Action-Not Available
Vendor-Mark Winiarski
Product-WPLingo
CWE ID-CWE-862
Missing Authorization
CVE-2025-23515
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-05 Mar, 2025 | 17:13
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress ts-tree plugin 0.1.1 - <= Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in tsecher ts-tree allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects ts-tree: from n/a through 0.1.1.

Action-Not Available
Vendor-tsecher
Product-ts-tree
CWE ID-CWE-862
Missing Authorization
CVE-2023-6048
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.10% / 28.00%
||
7 Day CHG~0.00%
Published-15 Jan, 2024 | 15:10
Updated-03 Jun, 2025 | 14:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Estatik Real Estate Plugin < 4.1.1 - Subscriber+ Arbitrary Option Update

The Estatik Real Estate Plugin WordPress plugin before 4.1.1 does not prevent user with low privileges on the site, like subscribers, from setting any of the site's options to 1, which could be used to break sites and lead to DoS when certain options are reset

Action-Not Available
Vendor-estatikUnknown
Product-estatikEstatik Real Estate Plugin
CWE ID-CWE-862
Missing Authorization
CVE-2023-6139
Matching Score-4
Assigner-WPScan
ShareView Details
Matching Score-4
Assigner-WPScan
CVSS Score-6.5||MEDIUM
EPSS-0.30% / 52.69%
||
7 Day CHG~0.00%
Published-08 Jan, 2024 | 19:00
Updated-03 Jun, 2025 | 15:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Essential Real Estate < 4.4.0 - Subscriber+ Denial of Service via Arbitrary Option Update

The Essential Real Estate WordPress plugin before 4.4.0 does not apply proper capability checks on its AJAX actions, which among other things, allow attackers with a subscriber account to conduct Denial of Service attacks.

Action-Not Available
Vendor-g5plusUnknown
Product-essential_real_estateEssential Real Estate
CWE ID-CWE-862
Missing Authorization
CVE-2019-1763
Matching Score-4
Assigner-Cisco Systems, Inc.
ShareView Details
Matching Score-4
Assigner-Cisco Systems, Inc.
CVSS Score-7.5||HIGH
EPSS-1.34% / 79.17%
||
7 Day CHG~0.00%
Published-22 Mar, 2019 | 20:05
Updated-19 Nov, 2024 | 19:14
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
Cisco IP Phone 8800 Series Authorization Bypass Vulnerability

A vulnerability in the web-based management interface of Session Initiation Protocol (SIP) Software for Cisco IP Phone 8800 Series could allow an unauthenticated, remote attacker to bypass authorization, access critical services, and cause a denial of service (DoS) condition. The vulnerability exists because the software fails to sanitize URLs before it handles requests. An attacker could exploit this vulnerability by submitting a crafted URL. A successful exploit could allow the attacker to gain unauthorized access to critical services and cause a DoS condition. This vulnerability affects Cisco IP Phone 8800 Series products running a SIP Software release prior to 11.0(5) for Wireless IP Phone 8821 and 8821-EX; and 12.5(1)SR1 for the IP Conference Phone 8832 and the rest of the IP Phone 8800 Series. Cisco IP Conference Phone 8831 is not affected.

Action-Not Available
Vendor-Cisco Systems, Inc.
Product-ip_phone_8821-ex_firmwareip_phone_8821ip_conference_phone_8832_firmwareip_phone_8800ip_conference_phone_8832ip_phone_8821_firmwareip_phone_8821-exip_phone_8800_firmwareCisco Wireless IP Phone 8821 and 8821-EXCisco IP Conference Phone 8832 and the rest of the IP Phone 8800 Series
CWE ID-CWE-284
Improper Access Control
CVE-2023-52375
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-5.5||MEDIUM
EPSS-0.04% / 10.40%
||
7 Day CHG~0.00%
Published-18 Feb, 2024 | 06:05
Updated-26 Mar, 2025 | 21:15
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Permission control vulnerability in the WindowManagerServices module.Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosemuiEMUIHarmonyOS
CWE ID-CWE-284
Improper Access Control
CVE-2023-52105
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.18% / 39.59%
||
7 Day CHG~0.00%
Published-16 Jan, 2024 | 09:24
Updated-27 Aug, 2024 | 16:35
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

The nearby module has a privilege escalation vulnerability. Successful exploitation of this vulnerability may affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-harmonyosHarmonyOSharmonyos
CWE ID-CWE-269
Improper Privilege Management
CWE ID-CWE-284
Improper Access Control
CVE-2023-52537
Matching Score-4
Assigner-Huawei Technologies
ShareView Details
Matching Score-4
Assigner-Huawei Technologies
CVSS Score-7.5||HIGH
EPSS-0.03% / 7.15%
||
7 Day CHG~0.00%
Published-08 Apr, 2024 | 08:40
Updated-13 Mar, 2025 | 15:46
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability of package name verification being bypassed in the HwIms module. Impact: Successful exploitation of this vulnerability will affect availability.

Action-Not Available
Vendor-Huawei Technologies Co., Ltd.
Product-emuiharmonyosHarmonyOSEMUIharmonyosemui
CWE ID-CWE-280
Improper Handling of Insufficient Permissions or Privileges
CWE ID-CWE-284
Improper Access Control
CVE-2025-23615
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Interactive Page Hierarchy plugin <= 1.0.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in NotFound Interactive Page Hierarchy allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Interactive Page Hierarchy: from n/a through 1.0.1.

Action-Not Available
Vendor-NotFound
Product-Interactive Page Hierarchy
CWE ID-CWE-862
Missing Authorization
CVE-2024-21215
Matching Score-4
Assigner-Oracle
ShareView Details
Matching Score-4
Assigner-Oracle
CVSS Score-7.5||HIGH
EPSS-0.22% / 44.22%
||
7 Day CHG~0.00%
Published-15 Oct, 2024 | 19:52
Updated-18 Oct, 2024 | 14:51
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available

Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle WebLogic Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of Oracle WebLogic Server. CVSS 3.1 Base Score 7.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Action-Not Available
Vendor-Oracle Corporation
Product-fusion_middlewareOracle WebLogic Server
CWE ID-CWE-862
Missing Authorization
CVE-2025-23527
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-03 Feb, 2025 | 14:22
Updated-03 Feb, 2025 | 16:34
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WC Wallet plugin <= 2.2.0 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Hemnath Mouli WC Wallet allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects WC Wallet: from n/a through 2.2.0.

Action-Not Available
Vendor-Hemnath Mouli
Product-WC Wallet
CWE ID-CWE-862
Missing Authorization
CVE-2025-23529
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 23.09%
||
7 Day CHG+0.01%
Published-27 Jan, 2025 | 14:22
Updated-27 Jan, 2025 | 15:31
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress Minterpress plugin <= 1.0.5 - Arbitrary Content Deletion vulnerability

Missing Authorization vulnerability in Blokhaus Minterpress allows Accessing Functionality Not Properly Constrained by ACLs. This issue affects Minterpress: from n/a through 1.0.5.

Action-Not Available
Vendor-Blokhaus
Product-Minterpress
CWE ID-CWE-862
Missing Authorization
CVE-2025-23613
Matching Score-4
Assigner-Patchstack
ShareView Details
Matching Score-4
Assigner-Patchstack
CVSS Score-6.5||MEDIUM
EPSS-0.07% / 21.73%
||
7 Day CHG~0.00%
Published-03 Mar, 2025 | 13:30
Updated-03 Mar, 2025 | 15:59
Rejected-Not Available
Known To Be Used In Ransomware Campaigns?-Not Available
KEV Added-Not Available
KEV Action Due Date-Not Available
WordPress WP Journal plugin <= 1.1 - Broken Access Control vulnerability

Missing Authorization vulnerability in NotFound WP Journal allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Journal: from n/a through 1.1.

Action-Not Available
Vendor-NotFound
Product-WP Journal
CWE ID-CWE-862
Missing Authorization
  • Previous
  • 1
  • 2
  • 3
  • Next
Details not found