The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
8,410 vulnerabilities with CWE-862
CVE-2021-21432
HIGH
Vela 0.7.0-0.7.4 - Unauthenticated Secret Exposure via .netrc File
CVSS 7.5
CVE-2021-30155
MEDIUM
MediaWiki <1.35.2 - Privilege Escalation
CVSS 4.3
CVE-2021-22513
MEDIUM
Micro Focus Application Automation Tools < 6.7 - Missing Authorization
CVSS 6.5
CVE-2021-27900
HIGH
Proofpoint Insider Threat Management < 7.9.3 - Missing Authorization in Web Console
CVSS 8.1
CVE-2021-24184
HIGH
Tutor LMS < 1.7.7 - Missing Authorization in AJAX Endpoints
CVSS 8.8
CVE-2021-24164
MEDIUM
Ninja Forms < 3.4.34.1 - Missing Authorization via OAuth Connection URL Retrieval
CVSS 4.3
CVE-2021-24163
HIGH
Ninja Forms < 3.4.34 - Missing Authorization via wp_ajax_ninja_forms_sendwp_remote_install_handler
CVSS 8.8
CVE-2021-1755
LOW
macOS < 11.0.1 - Unauthenticated Lock Screen Bypass to Contacts
CVSS 2.4
CVE-2021-21637
MEDIUM
Jenkins Team Foundation Server Plugin < 5.157.1 - Missing Authorization for Credential Capture via URL Connection
CVSS 6.5
CVE-2021-21636
MEDIUM
Jenkins Team Foundation Server Plugin < 5.157.1 - Missing Authorization for Credentials Enumeration
CVSS 4.3
CVE-2021-21632
MEDIUM
Jenkins OWASP Dependency-Track < 3.1.0 - Missing Authorization for URL Connection
CVSS 6.5
CVE-2021-21631
MEDIUM
Jenkins Cloud Statistics Plugin < 0.26 - Missing Authorization in HTTP Endpoint
CVSS 4.3
CVE-2021-28669
HIGH
Xerox AltaLink B80xx/C8030/C8035/C8045/C8055/C8070 < 103.008.020.23120 - Missing Authorization
CVSS 7.5
CVE-2021-21437
LOW
OTRS ITSM <7.0.24 & CIsInCustomerFrontend <7.0.15 - Missing Authorization for Linked Config Items
CVSS 3.5
CVE-2021-26990
CRITICAL
NetApp Cloud Manager < 3.9.4 - Arbitrary File Write via Missing Authorization
CVSS 9.1
CVE-2021-27656
MEDIUM
exacqVision Web Service <20.12.2.0 - Info Disclosure
CVSS 5.3
CVE-2021-24146
HIGH
Modern Events Calendar Lite < 5.16.5 - Unauthenticated Information Disclosure via Export Function
CVSS 7.5
CVE-2021-21626
MEDIUM
Jenkins Warnings Next Generation Plugin <= 8.4.4 - Missing Authorization in Form Validation
CVSS 4.3
CVE-2021-21625
MEDIUM
Jenkins CloudBees AWS Credentials Plugin < 1.28 - Missing Authorization in HTTP Endpoint Helper Method
CVSS 4.3
CVE-2021-20283
MEDIUM
moodle 3.5.0-3.5.16 and 3.10.0-3.10.1 - Missing Authorization in Course Enrollment Web Service
CVSS 4.3
CVE-2021-28375
HIGH
Linux Kernel 5.1-5.11.6 - Missing Authorization in fastrpc_internal_invoke
CVSS 7.8
CVE-2021-28154
CRITICAL
Camunda Modeler <4.6.0 - Code Injection
CVSS 9.1
CVE-2021-28141
CRITICAL
Progress Telerik UI for ASP.NET AJAX 2021.1.224 - Auth Bypass
CVSS 9.8
CVE-2021-0389
HIGH
Android - Missing Authorization in UiModeManagerService
CVSS 7.8
CVE-2021-0388
HIGH
Android 11 - Missing Authorization in ImsPhoneCallTracker Broadcast Handler
CVSS 7.8
Details
Vulnerabilities
8,410
Exploit Likelihood
High