Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,140 vulnerabilities with CWE-862

CVE-2026-8236 MEDIUM

Concrete CMS 9.5.0 and below is vulnerable to IDOR combined with a missing authentication gate for endpoint /ccm/system/dialogs/file/usage/{fID}

CVE-2026-7879 MEDIUM

Concrete CMS 9.5.0 and below is vulnerable to File Download Authorization Bypass in submit_password()

CVE-2026-4843 MEDIUM

GSheet For Woo Importer <= 2.3.1 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Reset

CVE-2026-39593 MEDIUM

WordPress HAPPY plugin <= 1.0.10 - Broken Access Control vulnerability

CVE-2026-27393 MEDIUM

WordPress CF7 WOW Styler plugin <= 1.7.6 - Broken Access Control vulnerability

CVE-2026-33137 CRITICAL

XWiki Platform REST /wikis/{wikiName} - Unauthenticated XAR Import

CVE-2026-21836 MEDIUM

HCL DominoIQ is affected by broken access control

CVE-2026-45443 MEDIUM

WordPress PDF for Elementor Forms + Drag And Drop Template Builder plugin <= 5.5.1 - Broken Access Control vulnerability

CVE-2026-27424 MEDIUM

WordPress Image Photo Gallery Final Tiles Grid plugin <= 3.6.11 - Broken Access Control vulnerability

CVE-2026-27405 MEDIUM

WordPress WpBookingly plugin <= 1.2.9 - Broken Access Control vulnerability

CVE-2026-5200 HIGH

AcyMailing <= 10.8.2 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via 'acymailing_router'

CVE-2026-44392 MEDIUM

Movable Type < 9.1.1, < 9.0.7, < 8.8.3, < 8.0.10 - Missing Authorization

CVE-2026-8610 MEDIUM

TypeSquare Webfonts for ConoHa <= 2.0.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Modification via 'fontThemeUseType' Parameter

CVE-2026-8495 CRITICAL

Date iCal - Critical - Information disclosure - SA-CONTRIB-2026-037

CVE-2026-34358 HIGH

CtrlPanel: Missing Authorization on Admin Write Endpoints Allows RBAC Bypass

CVE-2026-34233 MEDIUM

CtrlPanel has Missing Authentication Checks in Datatable Admin Endpoints

CVE-2026-8096 MEDIUM

Kirki <= 6.0.6 - Missing Authorization to Authenticated (Subscriber+) Sensitive Form Submission Data Exposure via 'kirki_wp_admin_get_apis' Action

CVE-2026-34154 MEDIUM

Discourse Subscriptions Plugin - Subscription Access Bypass

CVE-2026-47100 HIGH

Funnel Builder for WooCommerce Checkout < 3.15.0.3 Missing Authorization via AJAX

CVE-2026-45442 MEDIUM

WordPress Presto Player plugin <= 4.1.3 - Broken Access Control vulnerability

CVE-2026-33514 MEDIUM

Discourse: Information Disclosure in Form Template API Due to Missing Authorization

CVE-2026-32312 MEDIUM

GLPI: Unauthorized export of form structure

CVE-2026-30950 HIGH

AutoGPT has Authenticated Session Hijacking via IDOR

CVE-2026-45244 MEDIUM

Summarize < 0.15.1 Unapproved Browser Automation Execution

CVE-2026-45243 MEDIUM

Summarize < 0.15.1 Browser Extension Missing Authorization via Content Script

Previous Page 11 of 326 Next

Details

Vulnerabilities 8,140

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy