The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,408 vulnerabilities with CWE-862
CVE-2021-25014
LOW
Ibtana < 1.1.4.9 - Authenticated Missing Authorization & Stored XSS via ive_save_general_settings
CVSS 3.5
CVE-2021-39662
HIGH
Android 11-12 - Missing Authorization in MediaProvider
CVSS 7.8
CVE-2021-25095
HIGH
IP2Location Country Blocker <2.26.5 - CSRF
CVSS 7.1
CVE-2021-25084
MEDIUM
Advanced Cron Manager <2.4.2/2.5.3 - Auth Bypass
CVSS 4.3
CVE-2021-24993
MEDIUM
The Ultimate Product Catalog WP <5.0.26 - CSRF
CVSS 6.5
CVE-2021-24839
HIGH
SupportCandy WordPress <2.2.5 - CSRF
CVSS 7.5
CVE-2021-25093
HIGH
Link Library < 7.2.8 - Unauthenticated Arbitrary Link Deletion
CVSS 7.5
CVE-2021-44795
MEDIUM
Krontech Single Connect < 2.16 - Unauthenticated Permission Modification via sc-assigned-credential-ui Module
CVSS 5.3
CVE-2021-44794
MEDIUM
Krontech Single Connect < 2.16 - Missing Authorization in sc-diagnostic-ui Module
CVSS 5.3
CVE-2021-44793
HIGH
Krontech Single Connect < 2.16 - Missing Authorization in sc-reports-ui Module
CVSS 8.6
CVE-2021-44792
MEDIUM
Krontech Single Connect < 2.16 - Unauthenticated Sensitive Information Exposure via Log-Monitor Module
CVSS 5.3
CVE-2021-25013
MEDIUM
Qubely < 1.7.8 - Authenticated Arbitrary Post Deletion via qubely_delete_saved_block AJAX Action
CVSS 6.5
CVE-2021-24968
MEDIUM
Ultimate FAQ < 2.1.2 - Authenticated Missing Authorization via AJAX Actions
CVSS 5.7
CVE-2021-24906
HIGH
Protect WP Admin <3.6.2 - Auth Bypass
CVSS 7.5
CVE-2021-38789
HIGH
Allwinner R818 - Privilege Escalation
CVSS 7.5
CVE-2021-44840
LOW
Delta RM 1.2 - Missing Authorization for Risk Label Management via /core/table/query Endpoint
CVSS 2.7
CVE-2021-4074
MEDIUM
WHMCS Bridge < 6.1 - Authenticated Stored Cross-Site Scripting via cc_whmcs_bridge_url Parameter
CVSS 6.4
CVE-2021-25025
MEDIUM
EventCalendar < 1.1.51 - Missing Authorization and CSRF in add_calendar_event AJAX Action
CVSS 4.3
CVE-2021-39622
HIGH
Android 10-12 - Missing Authorization Bypass in GBoard Factory Reset Protection
CVSS 7.8
CVE-2021-28506
CRITICAL
Arista EOS 4.24.0-4.24.7m - Unauthenticated Factory Reset via gNOI API
CVSS 9.1
CVE-2021-1037
MEDIUM
Android - Unauthenticated Bluetooth Device Pairing Information Disclosure via Broadcast
CVSS 5.3
CVE-2021-40327
MEDIUM
Trusted Firmware-M 1.4.0 - Privilege Escalation
CVSS 5.9
CVE-2021-25032
CRITICAL
PublishPress Capabilities <2.3.1 - CSRF
CVSS 9.8
CVE-2021-46075
HIGH
Sourcecodester Vehicle Service Mgmt 1.0 - Privilege Escalation
CVSS 7.2
CVE-2021-24831
HIGH
Tab WordPress <1.3.2 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities
8,408
Exploit Likelihood
High