Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,143 vulnerabilities with CWE-862

CVE-2026-42412 MEDIUM

WordPress WP User Frontend plugin <= 4.3.1 - Broken Access Control vulnerability

CVE-2026-42377 HIGH

WordPress SureForms Pro plugin <= 2.8.0 - Broken Access Control vulnerability

CVE-2026-41394 HIGH

OpenClaw < 2026.3.31 - Unauthorized Operator Scope Access in Unauthenticated Plugin-Auth Routes

CVE-2026-41382 MEDIUM

OpenClaw < 2026.3.31 - Discord Voice Ingress Authorization Bypass via Channel and Role Validation Gaps

CVE-2026-41378 HIGH

OpenClaw < 2026.3.31 - Privilege Escalation to Remote Code Execution via Unrestricted node.event Agent Dispatch

CVE-2026-6706 MEDIUM

Devolutions Server <=2026.1.14.0 - Auth Bypass

CVE-2026-5944 HIGH

Cisco Intersight Device Connector for Nutanix Prism Central Unauthenticated API Access

CVE-2026-40976 CRITICAL

Spring Boot 4.0.0-4.0.5 - Auth Bypass

CVE-2026-41464 MEDIUM

ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php

CVE-2026-7108 MEDIUM

code-projects Invoice System in Laravel cross-site request forgery

CVE-2026-41477 HIGH

Deskflow: Local privilege escalation via unauthenticated IPC

CVE-2026-3569 MEDIUM

Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint

CVE-2026-5347 MEDIUM

WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter

CVE-2026-6393 MEDIUM

BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage

CVE-2026-5488 MEDIUM

ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token'

CVE-2026-33318 HIGH

Actual has Privilege Escalation via 'change-password' Endpoint on OpenID-Migrated Servers

CVE-2026-40623 HIGH

SenseLive X3050 Missing Authorization

CVE-2026-41352 HIGH

OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass

CVE-2026-41349 HIGH

OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch

CVE-2026-41266 HIGH

Flowise: Sensitive Data Leak in public-chatbotConfig

CVE-2026-5464 HIGH

ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process

CVE-2026-41679 CRITICAL

Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

CVE-2026-41454 HIGH

WeKan < 8.35 Missing Authorization via Integration REST API

CVE-2026-40937 HIGH

RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks

CVE-2026-1930 MEDIUM

Emailchef <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion

Previous Page 18 of 326 Next

Details

Vulnerabilities 8,143

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy