Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,143 vulnerabilities with CWE-862

CVE-2026-44448 MEDIUM

ERPNext: Unauthorised Document modification due to missing validation

CVE-2026-44442 CRITICAL

ERPNext: Unauthorised Document modification due to missing validation

CVE-2026-28380 MEDIUM

BAC in Snapshot API allows deletion of unauthorized dashboard snapshots

CVE-2026-0246 MEDIUM

Prisma Access Agent: Local Privilege Escalation Vulnerability

CVE-2026-4609 HIGH

ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Group Joining

CVE-2026-4607 MEDIUM

ProfileGrid <= 5.9.8.4 - Missing Authorization to Authenticated (Subscriber+) Group Settings Modification

CVE-2026-3426 MEDIUM

RTMKit Addons for Elementor <= 2.0.2 - Authenticated (Author+) Missing Authorization to Widget Configuration Modification

CVE-2026-2515 MEDIUM

Hostinger Reach <= 1.3.8 - Missing Authorization to Authenticated (Subscriber+) Integration API Key Update

CVE-2026-7051 MEDIUM

Blog2Social <= 8.9.0 - Subscriber Post Deletion Authorization Bypass

CVE-2026-5371 HIGH

MonsterInsights <= 10.1.2 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Exposure And Plugin Integration Reset

CVE-2026-44012 HIGH

Craft CMS < 5.9.18 AssetsController - Missing Volume Permission Check

CVE-2026-44010 HIGH

Craft CMS 4.0.0 to before 4.17.12 and 5.0.0 to before 5.9.18 - GraphQL Address PII Disclosure

CVE-2026-5146 MEDIUM

Devolutions Server <=2025.3.19.0, 2026.1.6.0-2026.1.15.0 - Unauthenticated Arbitrary Notification Modification

CVE-2026-42541 MEDIUM

Kubewarden: RBAC Reconnaissance via unchecked can_i host capability call

CVE-2026-35438 HIGH

Windows Admin Center Elevation of Privilege Vulnerability

CVE-2026-31245 MEDIUM

mem0 1.0.0 - Unauthenticated Arbitrary Memory Record Creation via Memory Creation API Endpoint

CVE-2026-31244 MEDIUM

mem0 1.0.0 - Missing Authentication

CVE-2026-31243 MEDIUM

mem0 1.0.0 - Unauthenticated SQL Statement Execution via DELETE /memories Endpoint

CVE-2026-31242 CRITICAL

mem0 v1.0.0 - Unauthenticated SQL Injection via DELETE /memories Endpoint

CVE-2026-31241 MEDIUM

mem0 1.0.0 - Unauthenticated Memory Deletion via DELETE /memories Endpoint

CVE-2026-26083 CRITICAL

FortiSandbox and FortiSandbox Cloud - Unauthenticated Remote Code Execution via HTTP Requests

CVE-2026-8407 MEDIUM

Devolutions Server 2025.3.16.0 and earlier, 2026.1.6.0-2026.1.11.0 - Authenticated Missing Authorization in PAM Module

CVE-2026-25431 MEDIUM

WordPress Hustle plugin <= 7.8.10.1 - Broken Access Control vulnerability

CVE-2026-45212 MEDIUM

WordPress Asset CleanUp: Page Speed Booster plugin <= 1.4.0.3 - Broken Access Control vulnerability

CVE-2026-45210 MEDIUM

WordPress Broadstreet Ads plugin <= 1.52.2 - Broken Access Control vulnerability

Previous Page 14 of 326 Next

Details

Vulnerabilities 8,143

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy