CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,143 vulnerabilities with CWE-862
CVE-2026-44719 MEDIUM
Mathesar: Missing collaborator checks allowed access to database-scoped Mathesar metadata
CVE-2026-44718 MEDIUM
Mathesar: Missing collaborator checks allowed access to saved explorations in other databases
CVE-2026-2031 CRITICAL
Google Cloud Application Integration: Exposed internal APIs allow Information Disclosure and Remote Code Execution.
CVE-2026-7563 MEDIUM
Classified Listing <= 5.3.10 - Subscriber Order Note Authorization Bypass
CVSS 4.3
CVE-2026-4683 MEDIUM
Smartcat Translator for WPML <= 3.1.77 - Missing Authorization to Unauthenticated Plugin Settings Update
CVSS 6.5
CVE-2026-4094 HIGH
FOX – Currency Switcher Professional for WooCommerce <= 1.4.5 - Missing Authorization to Authenticated (Contributor+) Configuration Deletion
CVSS 8.1
CVE-2026-8547 HIGH
Google Chrome < 148.0.7778.168 - Privilege Escalation via Password Policy Bypass
CVSS 7.5
CVE-2026-45371 HIGH
SiYuan: SiYuan publish-mode Reader can mutate Conf and SQL index via 8 ungated APIs
CVE-2026-45147 MEDIUM
SiYuan: Broken access control in SiYuan `/api/tag/getTag` — Reader role can mutate `Conf.Tag.Sort` and persist to disk
CVSS 4.3
CVE-2026-44592 CRITICAL
Gradient: Unauthenticated worker on /proto → arbitrary NAR write / cache poisoning
CVSS 9.4
CVE-2026-41315 CRITICAL
mdserver-web: Missing Authorization and Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
CVSS 9.8
CVE-2026-44482 CRITICAL
soundcloud-rpc: Remote Code Execution via XSS in Track Title
CVSS 9.6
CVE-2026-6472 MEDIUM
PostgreSQL CREATE TYPE does not check multirange schema CREATE privilege
CVSS 5.4
CVE-2026-4031 HIGH
Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Backup Interception
CVSS 7.5
CVE-2026-4030 HIGH
Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Arbitrary File Read and Deletion
CVSS 8.1
CVE-2026-4029 HIGH
Database Backup for WordPress <= 2.5.2 - Missing Authorization to Unauthenticated Database Export
CVSS 7.5
CVE-2026-6512 CRITICAL
InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Arbitrary Post Deletion via Multiple Parameters
CVSS 9.1
CVE-2026-6145 MEDIUM
User Registration & Membership <= 5.1.5 - Unauthenticated Missing Authorization to Admin Approval Bypass via 'action' Parameter
CVSS 5.3
CVE-2026-6510 CRITICAL
InfusedWoo Pro <= 5.1.2 - Unauthenticated Missing Authorization to Privilege Escalation via 'iwar_save_recipe'
CVSS 9.8
CVE-2026-6506 HIGH
InfusedWoo Pro <= 5.1.2 - Authenticated (Subscriber+) Missing Authorization to Privilege Escalation via Arbitrary User Meta Update
CVSS 8.8
CVE-2026-8144 MEDIUM
Missing Authorization in GitLab
CVSS 4.3
CVE-2026-6883 LOW
Missing Authorization in GitLab
CVSS 2.6
CVE-2026-3829 MEDIUM
WP Encryption - One Click SSL & Force HTTPS <= 7.8.5.10 - Missing Authorization to Authenticated (Subscriber+) SSL Setup Tampering
CVSS 5.4
CVE-2026-2900 LOW
Missing Authorization in GitLab
CVSS 2.7
CVE-2026-7525 MEDIUM
My Calendar <= 3.7.9 - Authenticated (Custom+) Missing Authorization to Unauthorized Event Publication via 'event_approved' Parameter
CVSS 4.3