CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,408 vulnerabilities with CWE-862
CVE-2021-39751 MEDIUM
Android 12L - Unauthenticated Local Information Disclosure via Bluetooth Device Name
CVSS 5.5
CVE-2021-39750 HIGH
Android 12L - Missing Authorization in PackageManager
CVSS 7.8
CVE-2021-39749 HIGH
Android 12L - Missing Authorization Check in WindowManager
CVSS 7.8
CVE-2021-39743 HIGH
Android - Missing Authorization in PackageManager
CVSS 7.8
CVE-2021-39742 MEDIUM
Android 12L - Unauthenticated Local Information Disclosure via Voicemail Identifier Retrieval
CVSS 5.5
CVE-2021-24978 MEDIUM
OSMapper WordPress <2.1.5 - Info Disclosure
CVSS 5.3
CVE-2021-3814 HIGH
3scale < 2.11.0 - Missing Authorization in APIdocs Token Validation
CVSS 7.5
CVE-2021-39734 HIGH
Android - Missing Authorization in OneToOneChatImpl
CVSS 7.8
CVE-2021-39706 HIGH
Android - Local Privilege Escalation via CredentialStorage Cleanup
CVSS 7.8
CVE-2021-39697 HIGH
Android 11-12 - Missing Authorization in DownloadProvider
CVSS 7.8
CVE-2021-24950 MEDIUM
Insight Core WordPress Plugin <= 1.0 - PHP Object Injection & Stored XSS via Customizer Import
CVSS 5.4
CVE-2021-32477 MEDIUM
moodle 3.10-3.10.3 - Missing Authorization for Mobile App Last Access Time
CVSS 4.3
CVE-2021-32472 MEDIUM
Moodle 3.8.0-3.8.8, 3.9.0-3.9.6, 3.10.0-3.10.3 - Unauthorized Forum Data Export via CSV Export Feature
CVSS 4.3
CVE-2021-41233 MEDIUM
Nextcloud <22.2.1 - Info Disclosure
CVSS 6.5
CVE-2021-41241 MEDIUM
Nextcloud Server < 20.0.14 - Missing Authorization in Groupfolders Subfolder Access
CVSS 4.3
CVE-2021-41239 MEDIUM
Nextcloud <20.0.13, <21.0.5, <22.2 - Info Disclosure
CVSS 5.3
CVE-2021-25087 HIGH
WordPress Download Manager <3.2.35 - Info Disclosure
CVSS 7.5
CVE-2021-3656 HIGH
Linux Kernel 4.13-<4.14.245 - Missing Authorization in KVM SVM Nested Virtualization
CVSS 8.8
CVE-2021-41112 HIGH
Rundeck <3.4.5 - Privilege Escalation
CVSS 8.1
CVE-2021-25042 MEDIUM
WP Visitor Statistics < 5.5 - Authenticated Missing Authorization & XSS via updateIpAddress
CVSS 5.4
CVE-2021-25011 MEDIUM
WP Google Map < 1.8.1 - Authenticated Missing Authorization and CSRF in AJAX Actions
CVSS 5.7
CVE-2021-24977 MEDIUM
Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Injection and Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24730 MEDIUM
Logo Showcase with Slick Slider WordPress plugin <1.2.5 - CSRF
CVSS 4.3
CVE-2021-25075 LOW
WordPress Duplicate Page/Post <1.5.1 - CSRF
CVSS 3.5
CVE-2021-25018 MEDIUM
PPOM for WooCommerce WordPress plugin <24.0 - CSRF
CVSS 5.4
Details
Vulnerabilities 8,408
Exploit Likelihood High