CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,408 vulnerabilities with CWE-862
CVE-2021-25014 LOW
Ibtana < 1.1.4.9 - Authenticated Missing Authorization & Stored XSS via ive_save_general_settings
CVSS 3.5
CVE-2021-39662 HIGH
Android 11-12 - Missing Authorization in MediaProvider
CVSS 7.8
CVE-2021-25095 HIGH
IP2Location Country Blocker <2.26.5 - CSRF
CVSS 7.1
CVE-2021-25084 MEDIUM
Advanced Cron Manager <2.4.2/2.5.3 - Auth Bypass
CVSS 4.3
CVE-2021-24993 MEDIUM
The Ultimate Product Catalog WP <5.0.26 - CSRF
CVSS 6.5
CVE-2021-24839 HIGH
SupportCandy WordPress <2.2.5 - CSRF
CVSS 7.5
CVE-2021-25093 HIGH
Link Library < 7.2.8 - Unauthenticated Arbitrary Link Deletion
CVSS 7.5
CVE-2021-44795 MEDIUM
Krontech Single Connect < 2.16 - Unauthenticated Permission Modification via sc-assigned-credential-ui Module
CVSS 5.3
CVE-2021-44794 MEDIUM
Krontech Single Connect < 2.16 - Missing Authorization in sc-diagnostic-ui Module
CVSS 5.3
CVE-2021-44793 HIGH
Krontech Single Connect < 2.16 - Missing Authorization in sc-reports-ui Module
CVSS 8.6
CVE-2021-44792 MEDIUM
Krontech Single Connect < 2.16 - Unauthenticated Sensitive Information Exposure via Log-Monitor Module
CVSS 5.3
CVE-2021-25013 MEDIUM
Qubely < 1.7.8 - Authenticated Arbitrary Post Deletion via qubely_delete_saved_block AJAX Action
CVSS 6.5
CVE-2021-24968 MEDIUM
Ultimate FAQ < 2.1.2 - Authenticated Missing Authorization via AJAX Actions
CVSS 5.7
CVE-2021-24906 HIGH
Protect WP Admin <3.6.2 - Auth Bypass
CVSS 7.5
CVE-2021-38789 HIGH
Allwinner R818 - Privilege Escalation
CVSS 7.5
CVE-2021-44840 LOW
Delta RM 1.2 - Missing Authorization for Risk Label Management via /core/table/query Endpoint
CVSS 2.7
CVE-2021-4074 MEDIUM
WHMCS Bridge < 6.1 - Authenticated Stored Cross-Site Scripting via cc_whmcs_bridge_url Parameter
CVSS 6.4
CVE-2021-25025 MEDIUM
EventCalendar < 1.1.51 - Missing Authorization and CSRF in add_calendar_event AJAX Action
CVSS 4.3
CVE-2021-39622 HIGH
Android 10-12 - Missing Authorization Bypass in GBoard Factory Reset Protection
CVSS 7.8
CVE-2021-28506 CRITICAL
Arista EOS 4.24.0-4.24.7m - Unauthenticated Factory Reset via gNOI API
CVSS 9.1
CVE-2021-1037 MEDIUM
Android - Unauthenticated Bluetooth Device Pairing Information Disclosure via Broadcast
CVSS 5.3
CVE-2021-40327 MEDIUM
Trusted Firmware-M 1.4.0 - Privilege Escalation
CVSS 5.9
CVE-2021-25032 CRITICAL
PublishPress Capabilities <2.3.1 - CSRF
CVSS 9.8
CVE-2021-46075 HIGH
Sourcecodester Vehicle Service Mgmt 1.0 - Privilege Escalation
CVSS 7.2
CVE-2021-24831 HIGH
Tab WordPress <1.3.2 - Info Disclosure
CVSS 7.5
Details
Vulnerabilities 8,408
Exploit Likelihood High