The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,408 vulnerabilities with CWE-862
CVE-2021-0978
LOW
Android - Local Information Disclosure via Side Channel in DeviceIdentifiersPolicyService
CVSS 3.3
CVE-2021-0965
HIGH
Android - Missing Authorization for Bluetooth Device Pairing
CVSS 8.8
CVE-2021-0926
HIGH
Android - Missing Authorization in NfcImportVCardActivity
CVSS 7.8
CVE-2021-0923
HIGH
Android 12 - Missing Authorization in Permission.java
CVSS 7.8
CVE-2021-0922
HIGH
Android - Missing Authorization Check in PackageManagerService
CVSS 7.8
CVE-2021-0653
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in NetworkPolicyManagerService
CVSS 5.5
CVE-2021-44233
HIGH
SAP GRC Access Control V1100_700 V1100_731 V1200_750 - Authenticated Privilege Escalation
CVSS 8.8
CVE-2021-42367
MEDIUM
Variation Swatches for WooCommerce <= 2.1.1 - Authenticated Stored Cross-Site Scripting via Settings Parameters
CVSS 6.4
CVE-2021-41066
HIGH
Listary < 6 - Missing Authorization
CVSS 7.5
CVE-2021-24836
MEDIUM
Temporary Login Without Password < 1.7.1 - Authenticated Missing Authorization in Settings Update
CVSS 4.3
CVE-2021-24790
MEDIUM
Contact Form Advanced Database <1.0.8 - CSRF
CVSS 4.3
CVE-2021-20867
MEDIUM
Advanced Custom Fields <5.11 - Info Disclosure
CVSS 6.5
CVE-2021-20866
MEDIUM
Advanced Custom Fields <5.11 - Info Disclosure
CVSS 6.5
CVE-2021-20865
HIGH
Advanced Custom Fields <5.11 - Info Disclosure
CVSS 7.5
CVE-2021-4089
MEDIUM
snipe-it < 5.3.3 and 5.3.4 - Improper Access Control
CVSS 4.3
CVE-2021-25519
MEDIUM
CPLC <SMR Dec-2021 Release 1 - Info Disclosure
CVSS 4.0
CVE-2021-43781
MEDIUM
Invenio-Drafts-Resources <0.13.7, 0.14.6 - Privilege Escalation
CVSS 6.4
CVE-2021-24914
HIGH
Tawk.To Live Chat WordPress Plugin < 0.6.0 - Authenticated Missing Authorization via AJAX Actions
CVSS 8.0
CVE-2021-35413
HIGH
Chamilo LMS 1.11.0-1.11.16 - Authenticated Remote Code Execution via .htaccess File Upload
CVSS 8.8
CVE-2021-24842
MEDIUM
WordPress Plugin <1.12 - Info Disclosure
CVSS 5.4
CVE-2021-36917
MEDIUM
Hide My WP < 6.2.3 - Unauthenticated Plugin Deactivation via Reset Token
CVSS 6.5
CVE-2021-20835
HIGH
Mercari (Merpay) Japan <4.49.1 - CSRF
CVSS 7.5
CVE-2021-39236
HIGH
Apache Ozone < 1.2.0 - Authenticated User Impersonation via OM Request
CVSS 8.8
CVE-2021-39232
HIGH
Apache Ozone < 1.2.0 - Authenticated Missing Authorization for Admin Commands
CVSS 8.8
CVE-2021-39231
CRITICAL
Apache Ozone < 1.2.0 - Missing Authorization for Internal RPC Endpoints
CVSS 9.1
Details
Vulnerabilities
8,408
Exploit Likelihood
High