The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,410 vulnerabilities with CWE-862
CVE-2021-0518
MEDIUM
Android 13 - Unauthenticated Location-Sensitive Data Leak via Wi-Fi
CVSS 5.5
CVE-2021-33676
HIGH
SAP CRM <715 - Privilege Escalation
CVSS 7.2
CVE-2021-33671
HIGH
SAP NetWeaver Guided Procedures - Privilege Escalation
CVSS 8.8
CVE-2021-20747
MEDIUM
Retty App <4.8.13-4.11.14 - Open Redirect
CVSS 4.3
CVE-2021-36124
CRITICAL
Echo ShareCare <8.15.5 - Info Disclosure
CVSS 9.8
CVE-2021-22233
MEDIUM
GitLab 13.10.0-13.11.6 - Unauthenticated Information Disclosure via Project Details
CVSS 4.3
CVE-2021-20777
MEDIUM
GU App for Android <5.0.2 - Open Redirect
CVSS 4.3
CVE-2021-21676
MEDIUM
Jenkins requests-plugin < 2.2.7 - Missing Authorization in HTTP Endpoint
CVSS 4.3
CVE-2021-27903
CRITICAL
Craft CMS < 3.6.7 - Remote Code Execution via Administrative Session Hijack
CVSS 9.8
CVE-2021-29958
MEDIUM
Firefox for iOS < 34.0 - Missing Authorization for Private Browsing Mode Cookie Isolation
CVSS 4.3
CVE-2021-0547
HIGH
Android - Missing Authorization in NetInitiatedActivity
CVSS 7.8
CVE-2021-0539
HIGH
Android 11 - Missing Authorization in MmsService.java
CVSS 7.8
CVE-2021-0568
HIGH
Android 11 - Missing Authorization in DevicePolicyManagerService
CVSS 7.8
CVE-2021-0554
MEDIUM
Android - Missing Authorization in BackupManagerService
CVSS 5.5
CVE-2021-20733
MEDIUM
asken 3.0.0-4.2.x - Unauthenticated Open Redirect via Custom URL Scheme Handler
CVSS 6.1
CVE-2021-0521
MEDIUM
Android - Unauthenticated Information Disclosure via PackageManagerService getAllPackages
CVSS 5.5
CVE-2021-0513
HIGH
Android 8.1-11 - Unauthenticated Permission Bypass via NotificationManagerService State Validation
CVSS 7.8
CVE-2021-0505
HIGH
Android 11 - Missing Authorization in Settings VPN Configuration
CVSS 7.8
CVE-2021-24356
HIGH
Simple 301 Redirects by BetterLinks 2.0.0-2.0.4 - Authenticated Arbitrary Plugin Activation via AJAX Action
CVSS 8.8
CVE-2021-24355
MEDIUM
Simple 301 Redirects by BetterLinks 2.0.0-2.0.3 - Authenticated Missing Authorization via AJAX Actions
CVSS 4.3
CVE-2021-24354
HIGH
Simple 301 Redirects by BetterLinks < 2.0.4 - Authenticated Arbitrary Plugin Installation via AJAX Action
CVSS 8.8
CVE-2021-24353
HIGH
Simple 301 Redirects by BetterLinks 2.0.0-2.0.3 - Unauthenticated Missing Authorization in Import Data Function
CVSS 8.8
CVE-2021-24352
HIGH
Simple 301 Redirects by BetterLinks 2.0.0-2.0.4 - Unauthenticated Sensitive Data Exposure via Export Function
CVSS 8.8
CVE-2021-21382
HIGH
restund < 0.4.15 - Unauthenticated Administrative Command Execution via TURN Relay
CVSS 8.6
CVE-2021-0491
HIGH
Android - Missing Authorization Leading to Local Privilege Escalation in Memory Management Driver
CVSS 7.8
Details
Vulnerabilities
8,410
Exploit Likelihood
High