The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,408 vulnerabilities with CWE-862
CVE-2021-40884
HIGH
Projectsend r1295 - Info Disclosure
CVSS 8.1
CVE-2021-37976
MEDIUM
KEV
Google Chrome < 94.0.4606.71 - Unauthenticated Sensitive Information Exposure via Crafted HTML Page
CVSS 6.5
CVE-2021-32172
CRITICAL
Maian Cart 3.8 - Unauthenticated Remote Code Execution via Elfinder Plugin
CVSS 9.8
CVE-2021-0686
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in RoleManagerService
CVSS 5.5
CVE-2021-0682
MEDIUM
Android - Missing Authorization in NotificationManagerService
CVSS 5.5
CVE-2021-0681
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in System Properties
CVSS 5.5
CVE-2021-0680
MEDIUM
Android - Local Information Disclosure via Missing Permission Check in System Properties
CVSS 5.5
CVE-2021-39226
CRITICAL
KEV
Grafana < 7.5.11 - Unauthenticated Snapshot Data Exposure and Deletion via Direct Path Access
CVSS 9.8
CVE-2021-41554
HIGH
ARCHIBUS Web Central 21.3.3.815 - Authenticated Missing Authorization in Administrative Endpoints
CVSS 8.8
CVE-2021-39893
MEDIUM
GitLab 9.1.0-14.1.6 - Unauthenticated Denial of Service via File Parsing
CVSS 5.3
CVE-2021-39347
MEDIUM
Stripe for WooCommerce 3.0.0-3.3.9 - Missing Authorization in User Edit Save Function
CVSS 4.3
CVE-2021-41729
CRITICAL
BaiCloud-cms 2.5.7 - Arbitrary File Deletion via /user/ppsave.php
CVSS 9.1
CVE-2021-3653
HIGH
Linux Kernel < 5.14-rc7 - Missing Authorization in KVM SVM Nested Virtualization
CVSS 8.8
CVE-2021-33924
CRITICAL
Confluent Ansible 5.5.0-5.5.2, 6.0.0 - Missing Authorization
CVSS 9.8
CVE-2021-37270
CRITICAL
CMS Enterprise Website Construction System 5.0 - Unauthenticated Missing Authorization
CVSS 9.8
CVE-2021-24633
MEDIUM
Countdown Block < 1.1.2 - Authenticated Arbitrary Post Content Modification via eb_write_block_css AJAX Action
CVSS 4.3
CVE-2021-34648
MEDIUM
Ninja Forms <= 3.5.7 - Authenticated Arbitrary Email Sending via trigger_email_action
CVSS 6.4
CVE-2021-34647
MEDIUM
Ninja Forms <= 3.5.7 - Authenticated Sensitive Information Disclosure via Bulk Export Submissions
CVSS 6.5
CVE-2021-24639
HIGH
OMGF WordPress Plugin < 4.5.4 - Authenticated Path Traversal and Arbitrary File Deletion via omgf_ajax_empty_dir
CVSS 8.1
CVE-2021-24635
MEDIUM
Visual Link Preview < 2.2.3 - Authenticated Improper Access Control via AJAX Actions
CVSS 5.4
CVE-2021-33704
HIGH
SAP Business One <10.0 - Privilege Escalation
CVSS 8.8
CVE-2021-22149
HIGH
Elastic Enterprise Search App Search < 7.14.0 - Authenticated Missing Authorization via Alternate API Route
CVSS 8.8
CVE-2021-22147
MEDIUM
Elasticsearch 7.11.0-7.13.4 - Authenticated Missing Authorization in Searchable Snapshots
CVSS 6.5
CVE-2021-41077
HIGH
Travis CI 2021-09-03-2021-09-10 - Unauthorized Secret Data Exposure via Forked Repository Build Process
CVSS 7.5
CVE-2021-38164
MEDIUM
SAP ERP Financial Accounting - Privilege Escalation
CVSS 5.4
Details
Vulnerabilities
8,408
Exploit Likelihood
High