Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,211 vulnerabilities with CWE-862

CVE-2026-3831 MEDIUM

Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode

CVE-2026-34737 MEDIUM

AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug

CVE-2026-34395 MEDIUM

AVideo: Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php

CVE-2026-4818 MEDIUM

Search Guard FLX 3.0.0-4.0.1 - Unauthorized Data Stream Management

CVE-2026-1797 MEDIUM

Truebooker - Appointment Booking and Scheduler Plugin <= 1.1.4 - Sensitive Information Exposure via Views Files

CVE-2026-34042 HIGH

act: actions/cache server allows malicious cache injection

CVE-2026-21716 LOW

Node.js 20.20.1 22.22.1 24.14.0 25.8.1 - Missing Authorization in FileHandle Promise API

CVE-2026-34046 HIGH

Langflow: Authenticated Users Can Read, Modify, and Delete Any Flow via Missing Ownership Check

CVE-2026-33887 MEDIUM

Statamic allows unauthorized content access through missing authorization in its revision controllers

CVE-2026-4971 MEDIUM

SourceCodester Note Taking App cross-site request forgery

CVE-2026-34369 MEDIUM

AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification

CVE-2026-29180 HIGH

Fleet's team maintainer can transfer hosts from any team via missing source team authorization

CVE-2026-4968 MEDIUM

SourceCodester Diary App diary.php cross-site request forgery

CVE-2026-34247 MEDIUM

AVideo's IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications

CVE-2026-34245 MEDIUM

AVideo's Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking

CVE-2026-5025 MEDIUM

Langflow - Application Logs Exposed to All Authenticated Users

CVE-2026-5022 MEDIUM

Langflow - Missing Authorization on download_image Endpoint

CVE-2026-33761 MEDIUM

AVideo: Unauthenticated Access to Scheduler Plugin Endpoints Leaks Scheduled Tasks, Email Content, and User Mappings

CVE-2026-33759 MEDIUM

AVideo: Unauthenticated IDOR in playlistsVideos.json.php Exposes Private Playlist Contents

CVE-2026-4309 MEDIUM

NEC Aterm W1200EX(-MS) - Auth Bypass

CVE-2026-3098 MEDIUM

Smart Slider 3 <= 3.5.1.33 - Authenticated (Subscriber+) Arbitrary File Read via actionExportAll

CVE-2026-29070 MEDIUM

Open WebUI has unauthorized deletion of knowledge files

CVE-2026-33638 MEDIUM

Ech0 authenticated user-list exposed data via public `/api/allusers` endpoint

CVE-2026-33632 HIGH

ClearanceKit: opfilter policy bypass via exchangedata and clone operations

CVE-2026-33631 HIGH

ClearanceKit: opfilter policy bypass via non-open file operations

Previous Page 30 of 329 Next

Details

Vulnerabilities 8,211

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy