Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

7,701 vulnerabilities with CWE-862

CVE-2026-22683 HIGH

Windmill < 1.615.0 Operator Role Missing Authorization Checks RCE

CVE-2026-4292 LOW

Privilege abuse in ModelAdmin.list_editable

CVE-2026-4277 CRITICAL

Privilege abuse in GenericInlineModelAdmin

CVE-2026-33866 MEDIUM

Authorization Bypass in MLflow AJAX Endpoint

CVE-2026-34903 MEDIUM

WordPress Ocean Extra plugin <= 2.5.3 - Broken Access Control vulnerability

CVE-2026-34899 MEDIUM

WordPress LTL Freight Quotes – Worldwide Express Edition plugin <= 5.2.1 - Broken Access Control vulnerability

CVE-2026-35448 LOW

WWBN AVideo Provides Unauthenticated Access to Payment Order Data via BlockonomicsYPT check.php

CVE-2026-35182 HIGH

Missing Authorization Privilege Escalation

CVE-2026-35179 MEDIUM

WWBN AVideo Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php

CVE-2026-35175 MEDIUM

Ajenti has an authorization bypass during custom package installation

CVE-2026-34976 CRITICAL

Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization

CVE-2026-3524 HIGH

Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check

CVE-2026-5624 MEDIUM

ProjectSend upload.php cross-site request forgery

CVE-2026-5574 MEDIUM

Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization

CVE-2026-5572 MEDIUM

Technostrobe HI-LED-WR120-G2 cross-site request forgery

CVE-2026-3445 HIGH

ProfilePress < 4.16.11 - Payment Bypass

CVE-2026-2826 MEDIUM

Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload

CVE-2026-3571 MEDIUM

Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification

CVE-2026-34766 LOW

Electron: USB device selection not validated against filtered device list

CVE-2026-27833 HIGH

Piwigo: Unauthenticated Information Disclosure via pwg.history.search API

CVE-2026-35561 HIGH

Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver

CVE-2026-25742 MEDIUM

Zulip: Anonymous File Access After Disabling Spectator Access

CVE-2026-22663 HIGH

prompts.chat Authorization Bypass Information Disclosure

CVE-2026-34759 HIGH

OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure

CVE-2026-33950 CRITICAL

signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity

Previous Page 10 of 309 Next

Details

Vulnerabilities 7,701

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy