The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,407 vulnerabilities with CWE-862
CVE-2021-28052
HIGH
Hitachi Content Platform <8.3.7, <9.0.0-9.2.3 - Privilege Escalation
CVSS 7.5
CVE-2021-24890
HIGH
Scripts Organizer < 3.0 - Unauthenticated Arbitrary PHP File Write via saveScript AJAX Action
CVSS 8.8
CVE-2021-41803
HIGH
HashiCorp Consul 1.8.1-1.11.8, 1.12.4, 1.13.1 - Missing Authorization via JWT Claim Assertion
CVSS 7.1
CVE-2021-39190
MEDIUM
GLPI SCCM Plugin < 2.3.0 - Unauthenticated Information Disclosure via Configuration Page
CVSS 5.3
CVE-2021-0735
MEDIUM
Android 13 - Unauthenticated Local Information Disclosure via PackageManager
CVSS 5.5
CVE-2021-33057
HIGH
QQ App 8.7.1 - Info Disclosure
CVSS 7.5
CVE-2021-32504
MEDIUM
SICK FTMG Firmware < 2.8 - Unauthenticated Sensitive Information Exposure via Web URL Access
CVSS 5.3
CVE-2021-26637
HIGH
SiHAS SGW-300, ACM-300, GCM-300 Firmware - Unauthenticated Remote Device Control
CVSS 8.8
CVE-2021-46820
HIGH
XOS-Shop <1.0.9 - Privilege Escalation
CVSS 8.1
CVE-2021-37764
HIGH
xos_shop_system 1.0.9 - Arbitrary File Deletion via current_manufacturer_image Parameter
CVSS 8.1
CVE-2021-25116
MEDIUM
Enqueue Anything WordPress Plugin < 1.0.1 - Unauthenticated Arbitrary Asset Deletion
CVSS 6.5
CVE-2021-42851
MEDIUM
Lenovo Personal Cloud Storage A1/T1/X1/T2/T2Pro Firmware < 5.3.8 - Unauthenticated Account Creation
CVSS 6.3
CVE-2021-42848
MEDIUM
Lenovo Personal Cloud Storage A1/T1/X1/T2/T2Pro Firmware < 5.3.8 - Unauthenticated Information Disclosure
CVSS 4.3
CVE-2021-33013
HIGH
mySCADA myPRO <8.20.0 - Info Disclosure
CVSS 8.2
CVE-2021-39738
HIGH
Android - Missing Authorization in CarSettings Bluetooth Pairing
CVSS 7.8
CVE-2021-44055
MEDIUM
QNAP Video Station < 5.1.8 - Missing Authorization
CVSS 5.3
CVE-2021-25002
HIGH
Tipsacarrier WordPress <1.5.0.5 - Info Disclosure
CVSS 7.5
CVE-2021-43938
HIGH
Elcomplus SmartPTT SCADA Server - Info Disclosure
CVSS 8.1
CVE-2021-44595
HIGH
Wondershare Dr.Fone - Unauthenticated Privilege Escalation via ElevationService.exe
CVSS 8.8
CVE-2021-39808
HIGH
Android - Local Privilege Escalation via Notification Channel Group Input Validation
CVSS 7.8
CVE-2021-32503
MEDIUM
SICK FTMG Firmware < 2.8 - Unauthenticated Sensitive Information Exposure via Web URL Access
CVSS 4.9
CVE-2021-39768
HIGH
Android 12L - Missing Authorization for Auto-Connect WiFi Network
CVSS 7.8
CVE-2021-39758
HIGH
Android 12L - Missing Authorization Check in WindowManager
CVSS 7.8
CVE-2021-39753
MEDIUM
Android 12L - Unauthenticated Local Information Disclosure in DomainVerificationService
CVSS 5.5
CVE-2021-39751
MEDIUM
Android 12L - Unauthenticated Local Information Disclosure via Bluetooth Device Name
CVSS 5.5
Details
Vulnerabilities
8,407
Exploit Likelihood
High