Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,133 vulnerabilities with CWE-862

CVE-2026-42851 HIGH

@kitty-edit DCS + --color=geninclude vulnerable to Unauthenticated in-process RCE

CVE-2026-50244 MEDIUM

Naxclow IoT Platform Missing Authorization

CVE-2026-50108 HIGH

Naxclow IoT Platform Missing Authorization

CVE-2026-10715 MEDIUM

Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

CVE-2026-6689 MEDIUM

Mattermost Team Creation - Invite Settings Authorization Bypass

CVE-2026-50084 CRITICAL

Aqara API cross-account access

CVE-2026-50026 MEDIUM

Frappe: Lack of permissions checks in 'relink' and 'set_email_password' endpoints

CVE-2026-44975 MEDIUM

Frappe: Missing authorization on reset form tours

CVE-2026-7368 HIGH

Yarbo Android/iOS Mobile Application and Cloud Infrastructure Missing Authorization

CVE-2026-47197 HIGH

Quest Bot: Discord moderation role hierarchy bypass in ban, kick, mute, unmute, warn, and nickname commands

CVE-2026-53818 MEDIUM

OpenClaw < 2026.4.24 - Owner-Only Tool Policy Bypass via MCP Loopback

CVE-2026-53816 HIGH

OpenClaw < 2026.5.18 - Exec Lifecycle Event Forgery via Paired Node

CVE-2026-53815 MEDIUM

OpenClaw < 2026.5.19 - Channel Allowlist Bypass in Message Read Actions

CVE-2026-47163 HIGH

Quest Bot: Unprivileged users can create and remove AutoMod rules.

CVE-2026-4764 CRITICAL

Privilege Escalation in Dialogflow CX via Playbook Import

CVE-2026-46645 MEDIUM

SQLAdmin: Authorization Bypass on `ajax_lookup`

CVE-2026-53634 MEDIUM

Sharp: Missing Authorization Check in Quick Creation Command Endpoints

CVE-2026-0272 MEDIUM

Palo Alto Networks Cloud Ngfw - Privilege Escalation

CVE-2026-49822 HIGH

Fission: Cross-namespace event leakage via KubernetesWatchTrigger allows persistent tenant surveillance

CVE-2026-49821 HIGH

Fission < 1.24.0 Package Builder - Command Execution via Environment Reference

CVE-2026-46614 CRITICAL

Fission router exposes /fission-function/<ns>/<name> on its public listener, allowing invocation of any function without an HTTPTrigger

CVE-2026-46558 HIGH

Plane: Cross-workspace asset authorization bypass lets any authenticated user read, copy, delete, and overwrite assets in other Plane workspaces

CVE-2026-45552 CRITICAL

Roxy-WI <= 8.2.6.4 - Cross-Tenant Install Authorization Bypass

CVE-2026-45550 CRITICAL

Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body

CVE-2026-45549 HIGH

Roxy-WI <= 8.2.6.4 - smon-agent Action Authorization Bypass

Previous Page 3 of 326 Next

Details

Vulnerabilities 8,133

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy