Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

7,700 vulnerabilities with CWE-862

CVE-2026-3143 MEDIUM

Total Upkeep <= 1.17.1 - Missing Authorization to Unauthenticated Rollback Cancellation

CVE-2026-40601 HIGH

Chartbrew: Missing Authorization in /api/chart/:chart_id/query via team-level refresh toggle

CVE-2026-42522 MEDIUM

Jenkins GitHub Branch Source Plugin <=1967.vdea_d580c1a_b_a_ - Auth Bypass

CVE-2026-42519 MEDIUM

Jenkins Script Security Plugin <=1399.ve6a_66547f6e1 - Info Disclosure

CVE-2026-42648 MEDIUM

WordPress Spectra plugin <= 2.19.22 - Broken Access Control vulnerability

CVE-2026-42642 MEDIUM

WordPress GiveWP plugin <= 4.14.5 - Broken Access Control vulnerability

CVE-2026-4019 MEDIUM

Complianz – GDPR/CCPA Cookie Consent <= 7.4.5 - Missing Authorization to Unauthenticated Private Post Content Disclosure via Consent Area REST Endpoint

CVE-2026-42412 MEDIUM

WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability

CVE-2026-42377 HIGH

WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability

CVE-2026-41394 HIGH

OpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth Routes

CVE-2026-41382 MEDIUM

OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps

CVE-2026-41378 HIGH

OpenClaw < 2026.3.31 - Privilege Escalation to Remote Code Execution via Unrestricted node.event Agent Dispatch

CVE-2026-6706 MEDIUM

Devolutions Server <=2026.1.14.0 - Auth Bypass

CVE-2026-5944 HIGH

Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access

CVE-2026-40976 CRITICAL

Spring Boot 4.0.0-4.0.5 - Auth Bypass

CVE-2026-41464 MEDIUM

ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php

CVE-2026-7108 MEDIUM

code-projects Invoice System in Laravel cross-site request forgery

CVE-2026-41477 HIGH

Deskflow: Local privilege escalation via unauthenticated IPC

CVE-2026-3569 MEDIUM

Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint

CVE-2026-5347 MEDIUM

WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter

CVE-2026-6393 MEDIUM

BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage

CVE-2026-5488 MEDIUM

ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token'

CVE-2026-33318 HIGH

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

CVE-2026-40623 HIGH

SenseLive X3050 Missing Authorization

CVE-2026-41352 HIGH

OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass

Page 1 of 308 Next

Details

Vulnerabilities 7,700

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy