Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,154 vulnerabilities with CWE-862

CVE-2026-40778 MEDIUM

WordPress Majestic Support plugin <= 1.1.2 - Broken Access Control vulnerability

CVE-2026-40763 MEDIUM

WordPress Royal Elementor Addons plugin <= 1.7.1056 - Broken Access Control vulnerability

CVE-2026-40742 MEDIUM

WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability

CVE-2026-40740 MEDIUM

WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

CVE-2026-40730 MEDIUM

WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability

CVE-2026-40729 MEDIUM

WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability

CVE-2026-40728 MEDIUM

WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability

CVE-2026-27769 LOW

Connected Workspaces: Malicious remote server can manipulate arbitrary user's status

CVE-2026-3649 MEDIUM

Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action

CVE-2026-3642 MEDIUM

e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX

CVE-2026-4812 MEDIUM

Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters

CVE-2026-1314 MEDIUM

3D FlipBook <= 1.16.17 - Unauthenticated Data Access via send_post_pages_json()

CVE-2026-35033 CRITICAL

Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection

CVE-2026-23708 HIGH

FortiSOAR PaaS 7.6.0-7.6.3 - Auth Bypass

CVE-2026-4109 MEDIUM

Eventin <= 4.1.8 - Authenticated Missing Authorization

CVE-2026-4365 CRITICAL

LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion

CVE-2026-34261 MEDIUM

Missing Authorization check in SAP Business Analytics and SAP Content Management

CVE-2026-34256 HIGH

Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

CVE-2026-27679 MEDIUM

Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)

CVE-2026-27678 MEDIUM

Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)

CVE-2026-27677 MEDIUM

Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment)

CVE-2026-27676 MEDIUM

Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)

CVE-2026-27673 MEDIUM

Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)

CVE-2026-27672 MEDIUM

Missing Authorization check in Material Master Application

CVE-2026-32270 LOW

Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments

Previous Page 21 of 327 Next

Details

Vulnerabilities 8,154

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy