The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,410 vulnerabilities with CWE-862
CVE-2021-41077
HIGH
Travis CI 2021-09-03-2021-09-10 - Unauthorized Secret Data Exposure via Forked Repository Build Process
CVSS 7.5
CVE-2021-38164
MEDIUM
SAP ERP Financial Accounting - Privilege Escalation
CVSS 5.4
CVE-2021-37535
CRITICAL
SAP NetWeaver Application Server Java 7.11-7.50 - Missing Authorization in JMS Connector Service
CVSS 9.8
CVE-2021-38388
HIGH
Central Dogma - Privilege Escalation
CVSS 8.8
CVE-2021-30713
HIGH
KEV
macOS Big Sur <11.4 - Privilege Escalation
CVSS 7.8
CVE-2021-30657
MEDIUM
KEV
macOS Gatekeeper check bypass
CVSS 5.5
CVE-2021-1835
MEDIUM
iPadOS < 14.5 - Unauthenticated Notes Access from Lock Screen
CVSS 4.6
CVE-2021-38698
MEDIUM
HashiCorp Consul < 1.8.15, 1.10.1 - Missing Authorization in Txn.Apply Endpoint
CVSS 6.5
CVE-2021-40379
HIGH
Compro IP70, IP570, IP60, TN540 Firmware - Unauthenticated RTSP Stream Access
CVSS 7.5
CVE-2021-40378
HIGH
Compro IP70 IP570 IP60 TN540 Firmware - Unauthenticated Denial of Service via killps.cgi
CVSS 8.1
CVE-2021-36232
HIGH
MIK.starlight <7.9.5.24363 - Privilege Escalation
CVSS 8.8
CVE-2021-40088
MEDIUM
PrimeKey EJBCA < 7.6.0 - Missing Authorization in CMP RA Mode Revocation
CVSS 5.4
CVE-2021-30874
HIGH
iPadOS < 15.0 - Unauthenticated VPN Configuration Installation
CVSS 7.5
CVE-2021-0415
MEDIUM
In memory management driver - Info Disclosure
CVSS 5.5
CVE-2021-0642
MEDIUM
Android - Local Information Disclosure via VoicemailSettingsFragment
CVSS 5.5
CVE-2021-0641
MEDIUM
Android 8.1-11 - Unauthenticated Unique Identifier Disclosure via getAvailableSubscriptionInfoList
CVSS 5.5
CVE-2021-38755
MEDIUM
Hospital Management System - Path Traversal
CVSS 5.3
CVE-2021-24501
HIGH
Workreap < 2.2.2 - Authenticated Missing Authorization in AJAX Actions
CVSS 8.1
CVE-2021-24500
HIGH
Workreap < 2.2.2 - Insecure Direct Object Reference and CSRF via AJAX Actions
CVSS 8.1
CVE-2021-35327
CRITICAL
TOTOLINK A720R <4.1.5cu.470_B20200911 - RCE
CVSS 9.8
CVE-2021-33197
MEDIUM
Go <1.15.13, <1.16.5 - Info Disclosure
CVSS 5.3
CVE-2021-34629
MEDIUM
SendGrid < 1.11.8 - Authenticated Authorization Bypass via get_ajax_statistics
CVSS 4.3
CVE-2021-32748
MEDIUM
Nextcloud Richdocuments - Info Disclosure
CVSS 4.3
CVE-2021-0654
MEDIUM
Android - Local Information Disclosure via TaskThumbnailView Missing Permission Check
CVSS 5.5
CVE-2021-0597
MEDIUM
Android - Local Information Disclosure via SipService Profile Notification
CVSS 5.5
Details
Vulnerabilities
8,410
Exploit Likelihood
High