Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,143 vulnerabilities with CWE-862

CVE-2026-42174 MEDIUM

Kirby: User avatar creation, replacement and deletion are not gated by user update permissions

CVE-2026-42137 MEDIUM

Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialog

CVE-2026-42069 MEDIUM

Kirby: Read access to site, user and role information is not gated by permissions

CVE-2026-42051 MEDIUM

Kirby: System API endpoint leaks license data and installed version to authenticated users

CVE-2026-6667 MEDIUM

PgBouncer missing authorization check in KILL_CLIENT admin command

CVE-2026-44125 CRITICAL

SEPPmail Secure Email Gateway - Missing Authorization in GINAv2

CVE-2026-39816 HIGH

Apache NiFi: Missing Execute Code Required Permission on TinkerpopClientService

CVE-2026-8077 HIGH

Weak credentials vulnerability in the CashDro 3 web administration panel

CVE-2026-41498 LOW

Kimai: Team API Missing Object-Level Authorization

CVE-2026-27416 MEDIUM

WordPress PDF Poster plugin <= 2.4.1 - Broken Access Control vulnerability

CVE-2026-25436 MEDIUM

WordPress Royal Elementor Addons plugin < 1.7.1053 - Broken Access Control vulnerability

CVE-2026-6214 MEDIUM

Forminator Forms <= 1.53.0 - Subscriber Scheduled Export Authorization Bypass

CVE-2026-41658 MEDIUM

Admidio: Missing Authorization on Inventory Module Destructive Endpoints Allows Any Authenticated User to Delete Items

CVE-2026-4807 MEDIUM

Appointment Booking Calendar <= 1.6.10.6 - Unauthenticated Arbitrary Appointment View, Modification and Deletion

CVE-2026-6222 MEDIUM

Forminator Forms <= 1.51.1 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'forminator_action' Parameter

CVE-2026-43583 MEDIUM

OpenClaw 2026.4.10 < 2026.4.14 - Loss of Group Tool-Policy Context in Delivery Queue Recovery

CVE-2026-43580 HIGH

OpenClaw < 2026.4.10 - Incomplete Navigation Guard Coverage in Browser Interactions

CVE-2026-43579 MEDIUM

OpenClaw < 2026.4.10 - Insufficient Access Control in Nostr Profile Mutation Routes

CVE-2026-43577 MEDIUM

OpenClaw < 2026.4.9 - Arbitrary File Read via Browser Interaction Routes

CVE-2026-43575 CRITICAL

OpenClaw 2026.2.21 < 2026.4.10 - Authentication Bypass in Sandbox noVNC Helper Route

CVE-2026-20193 MEDIUM

Cisco Identity Services Engine Authentication Bypass Vulnerability

CVE-2026-20189 MEDIUM

Cisco Prime Infrastructure Information Disclosure Vulnerability

CVE-2026-2306 MEDIUM

Ninja Tables <= 5.2.6 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Table Creation

CVE-2026-5753 MEDIUM

All-in-One WP Migration Unlimited Extension <= 2.83 - Authenticated Missing Authorization in Schedule Save Handler

CVE-2026-3208 MEDIUM

Mercado Pago payments for WooCommerce <= 8.7.11 - Missing Authorization to Unauthenticated PIX Payment QR Code Image Disclosure

Previous Page 16 of 326 Next

Details

Vulnerabilities 8,143

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy