Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

7,700 vulnerabilities with CWE-862

CVE-2026-41349 HIGH

OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch

CVE-2026-41266 HIGH

Flowise: Sensitive Data Leak in public-chatbotConfig

CVE-2026-5464 HIGH

ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process

CVE-2026-41679 CRITICAL

Paperclip Vulnerable to Unauthenticated Remote Code Execution via Import Authorization Bypass

CVE-2026-41454 HIGH

WeKan < 8.35 Missing Authorization via Integration REST API

CVE-2026-40937 HIGH

RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks

CVE-2026-1930 MEDIUM

Emailchef <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion

CVE-2026-6235 CRITICAL

Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests

CVE-2026-4128 MEDIUM

TP Restore Categories And Taxonomies <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Taxonomy Deletion via 'tpmcattt_delete_term' AJAX Action

CVE-2026-4119 CRITICAL

Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php

CVE-2026-4117 MEDIUM

CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action

CVE-2026-6834 MEDIUM

aEnrich｜a+HRD - Missing Authorization

CVE-2026-41128 MEDIUM

Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action

CVE-2026-40870 HIGH

Decidim's comments API allows access to all commentable resources

CVE-2026-41192 HIGH

FreeScout's client-controlled attachment IDs allow deletion of existing conversation attachments

CVE-2026-40592 MEDIUM

FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply

CVE-2026-40570 MEDIUM

FreeScout's Missing Authorization in load_customer_info Allows Any Authenticated User to Access Full Customer PII

CVE-2026-6703 MEDIUM

Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions

CVE-2026-39386 HIGH

Neko has Self-service Privilege Escalation for Authenticated Users

CVE-2026-41298 MEDIUM

OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint

CVE-2026-40098 MEDIUM

OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant

CVE-2026-25058 HIGH

Vexa's unauthenticated internal transcript endpoint exposed by default

CVE-2026-6589 MEDIUM

ComfyUI server.py create_origin_only_middleware cross-site request forgery

CVE-2026-40581 HIGH

ChurchCRM: Cross-Site Request Forgery (CSRF) in SelectDelete.php Leading to Permanent Data Deletion

CVE-2026-40480 HIGH

ChurchCRM has Missing Object-Level Authorization / IDOR in `/api/person/{personId}`

Previous Page 2 of 308 Next

Details

Vulnerabilities 7,700

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy