Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,140 vulnerabilities with CWE-862

CVE-2026-9486 MEDIUM

SourceCodester Student Grades Management System cross-site request forgery

CVE-2026-24546 MEDIUM

WordPress GamiPress plugin <= 7.6.3 - Broken Access Control vulnerability

CVE-2026-2651 CRITICAL

Missing Authorization Validation in mlflow/mlflow

CVE-2026-9350 HIGH

NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization

CVE-2026-9303 MEDIUM

calcom cal.diy cross-site request forgery

CVE-2026-9284 HIGH

WooCommerce PayPal Payments <= 4.0.1 - Missing Authorization to Unauthenticated Order Manipulation and Information Disclosure

CVE-2026-3294 HIGH

Authentication Logic Vulnerability on Multiple TP-Link Range Extenders

CVE-2026-39967 LOW

TypeBot: Cross-Typebot Result Data Access via Missing typebotId Filter

CVE-2026-9255 HIGH

Tool Execution Without Authorization via Piped Stdin in Kiro CLI

CVE-2026-33712 CRITICAL

TypeBot: Unauthenticated SSRF via isolated-vm fetch in preview chat endpoint bypasses SSRF controls

CVE-2026-9251 MEDIUM

Devolutions Server - Missing Authorization

CVE-2026-9246 MEDIUM

Devolutions Server - Missing Authorization

CVE-2026-9224 MEDIUM

Devolutions Server - Missing Authorization

CVE-2026-9011 HIGH

Ditty <= 3.1.65 - Missing Authorization to Unauthenticated Sensitive Information Disclosure via ditty_init AJAX Action

CVE-2026-8692 MEDIUM

Vedrixa Forms <= 1.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Form Structure Modification via wefb_save_form_structure AJAX Action

CVE-2026-8684 MEDIUM

MotoPress Hotel Booking <= 6.0.1 - Missing Authorization to Unauthenticated Arbitrary Booking Notes Modification via mphb_update_booking_notes AJAX Action

CVE-2026-8381 MEDIUM

Broken Access Control in TeamViewer DEX Platform (On Premises)

CVE-2026-7249 MEDIUM

Location Weather <= 3.0.2 - Missing Authorization to Authenticated (Contributor+) Block Settings Modification and Cache Purging

CVE-2026-44409 MEDIUM

ZTE MU5250 - Unauthorized Information Disclosure

CVE-2026-2518 MEDIUM

FastX <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Installation and Activation

CVE-2026-39833 CRITICAL

Invoking key constraints not enforced in golang.org/x/crypto/ssh/agent

CVE-2026-39831 CRITICAL

Invoking bypass of FIDO/U2F security keys physical interaction in golang.org/x/crypto/ssh

CVE-2026-8239 MEDIUM

Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/get_rating'

CVE-2026-8238 MEDIUM

Concrete CMS 9.5.0 and below is vulnerable to IDOR in '/ccm/frontend/conversations/message_page' allowing unauthenticated read of any conversation message

CVE-2026-8237 MEDIUM

Concrete CMS 9.5.0 and below is vulnerable to IDOR in the`/ccm/frontend/conversations/message_detail` endpoint

Previous Page 10 of 326 Next

Details

Vulnerabilities 8,140

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy