The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,408 vulnerabilities with CWE-862
CVE-2021-39751
MEDIUM
Android 12L - Unauthenticated Local Information Disclosure via Bluetooth Device Name
CVSS 5.5
CVE-2021-39750
HIGH
Android 12L - Missing Authorization in PackageManager
CVSS 7.8
CVE-2021-39749
HIGH
Android 12L - Missing Authorization Check in WindowManager
CVSS 7.8
CVE-2021-39743
HIGH
Android - Missing Authorization in PackageManager
CVSS 7.8
CVE-2021-39742
MEDIUM
Android 12L - Unauthenticated Local Information Disclosure via Voicemail Identifier Retrieval
CVSS 5.5
CVE-2021-24978
MEDIUM
OSMapper WordPress <2.1.5 - Info Disclosure
CVSS 5.3
CVE-2021-3814
HIGH
3scale < 2.11.0 - Missing Authorization in APIdocs Token Validation
CVSS 7.5
CVE-2021-39734
HIGH
Android - Missing Authorization in OneToOneChatImpl
CVSS 7.8
CVE-2021-39706
HIGH
Android - Local Privilege Escalation via CredentialStorage Cleanup
CVSS 7.8
CVE-2021-39697
HIGH
Android 11-12 - Missing Authorization in DownloadProvider
CVSS 7.8
CVE-2021-24950
MEDIUM
Insight Core WordPress Plugin <= 1.0 - PHP Object Injection & Stored XSS via Customizer Import
CVSS 5.4
CVE-2021-32477
MEDIUM
moodle 3.10-3.10.3 - Missing Authorization for Mobile App Last Access Time
CVSS 4.3
CVE-2021-32472
MEDIUM
Moodle 3.8.0-3.8.8, 3.9.0-3.9.6, 3.10.0-3.10.3 - Unauthorized Forum Data Export via CSV Export Feature
CVSS 4.3
CVE-2021-41233
MEDIUM
Nextcloud <22.2.1 - Info Disclosure
CVSS 6.5
CVE-2021-41241
MEDIUM
Nextcloud Server < 20.0.14 - Missing Authorization in Groupfolders Subfolder Access
CVSS 4.3
CVE-2021-41239
MEDIUM
Nextcloud <20.0.13, <21.0.5, <22.2 - Info Disclosure
CVSS 5.3
CVE-2021-25087
HIGH
WordPress Download Manager <3.2.35 - Info Disclosure
CVSS 7.5
CVE-2021-3656
HIGH
Linux Kernel 4.13-<4.14.245 - Missing Authorization in KVM SVM Nested Virtualization
CVSS 8.8
CVE-2021-41112
HIGH
Rundeck <3.4.5 - Privilege Escalation
CVSS 8.1
CVE-2021-25042
MEDIUM
WP Visitor Statistics < 5.5 - Authenticated Missing Authorization & XSS via updateIpAddress
CVSS 5.4
CVE-2021-25011
MEDIUM
WP Google Map < 1.8.1 - Authenticated Missing Authorization and CSRF in AJAX Actions
CVSS 5.7
CVE-2021-24977
MEDIUM
Use Any Font < 6.2.1 - Unauthenticated Arbitrary CSS Injection and Stored Cross-Site Scripting
CVSS 6.1
CVE-2021-24730
MEDIUM
Logo Showcase with Slick Slider WordPress plugin <1.2.5 - CSRF
CVSS 4.3
CVE-2021-25075
LOW
WordPress Duplicate Page/Post <1.5.1 - CSRF
CVSS 3.5
CVE-2021-25018
MEDIUM
PPOM for WooCommerce WordPress plugin <24.0 - CSRF
CVSS 5.4
Details
Vulnerabilities
8,408
Exploit Likelihood
High