The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,408 vulnerabilities with CWE-862
CVE-2021-36909
HIGH
WP Reset PRO <= 5.98 - Authenticated Database Reset
CVSS 8.8
CVE-2021-0672
MEDIUM
Android Browser - Unauthenticated Information Disclosure via Missing Permission Check
CVSS 5.5
CVE-2021-24851
MEDIUM
WordPress Insert Pages <3.7.0 - Info Disclosure
CVSS 4.3
CVE-2021-42062
MEDIUM
SAP ERP HCM Portugal - Missing Authorization for Payroll Data Report
CVSS 4.3
CVE-2021-40502
HIGH
SAP Commerce - Privilege Escalation
CVSS 8.8
CVE-2021-40501
HIGH
SAP ABAP Platform Kernel - Privilege Escalation
CVSS 8.1
CVE-2021-42359
HIGH
WP DSGVO Tools (GDPR) <= 3.1.23 - Unauthenticated Arbitrary Post Deletion via admin-dismiss-unsubscribe AJAX Action
CVSS 7.5
CVE-2021-21694
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Missing Authorization in FilePath Methods
CVSS 9.8
CVE-2021-21688
HIGH
Jenkins < 2.303.3 and < 2.319 - Missing Authorization in FilePath Reading
CVSS 7.5
CVE-2021-21687
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Missing Authorization for Symbolic Link Creation in FilePath#untar
CVSS 9.1
CVE-2021-21685
CRITICAL
Jenkins < 2.303.3 and < 2.319 - Missing Authorization for Directory Creation via FilePath#mkdirs
CVSS 9.1
CVE-2021-41238
HIGH
Hangfire 1.7.25 - Missing Authorization in Dashboard UI
CVSS 8.6
CVE-2021-39225
HIGH
Nextcloud Deck < 1.2.9, 1.4.5, 1.5.3 - Authenticated Authorization Bypass
CVSS 8.1
CVE-2021-24779
MEDIUM
WP Debugging < 2.11.0 - Unauthenticated Settings Update via Missing Authorization
CVSS 6.5
CVE-2021-0706
MEDIUM
Android 10-11 - Unauthenticated Denial of Service via PluginManagerImpl Missing Permission Check
CVSS 5.5
CVE-2021-0643
MEDIUM
Android - Missing Authorization in SubscriptionController
CVSS 5.5
CVE-2021-31384
HIGH
Juniper Junos OS SRX Series 20.4R1-20.4R3, 21.1-21.1R1 - Unauthenticated J-Web Access Bypass
CVSS 7.2
CVE-2021-30810
MEDIUM
iPadOS < 15.0 - Missing Authorization via Wi-Fi Network Selection
CVSS 4.3
CVE-2021-38486
HIGH
InHand Networks IR615 Router's Versions 2.3.0.r4724-2.3.0.r4870 - RCE
CVSS 8.0
CVE-2021-24677
MEDIUM
WordPress Plugin <3.4.0 - Info Disclosure
CVSS 5.3
CVE-2021-37738
HIGH
Aruba ClearPass Policy Manager 6.8.0-6.8.9 - Unauthenticated Sensitive Information Disclosure
CVSS 7.5
CVE-2021-38431
MEDIUM
Advantech WebAccess SCADA <9.0.3 - Info Disclosure
CVSS 4.3
CVE-2021-42331
MEDIUM
ShinHer StudyOnline System - Missing Authorization in Study Edit Function
CVSS 5.4
CVE-2021-20834
MEDIUM
Nike App <2.177-2.177.1 - Open Redirect
CVSS 6.1
CVE-2021-39184
MEDIUM
Electron < 11.5.0, 12.1.0, 13.3.0 - Unauthorized File Content Exposure via Thumbnail API
CVSS 6.8
Details
Vulnerabilities
8,408
Exploit Likelihood
High