Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,213 vulnerabilities with CWE-862

CVE-2026-29072 HIGH

Discourse missing permission check for policy creation in discourse-policy

CVE-2026-33305 MEDIUM

OpenEMR has Authorization Bypass in FaxSMS AppDispatch Constructor

CVE-2026-33304 MEDIUM

OpenEMR has Authorization Bypass in Dated Reminders Log

CVE-2026-32622 HIGH

SQLBot: Remote Code Execution via Terminology Poisoning

CVE-2026-27491 MEDIUM

Discourse Post Actions API - Non-Staff Warning Authorization Bypass

CVE-2026-27454 MEDIUM

Discourse has check revision visibility on posts endpoint

CVE-2026-26939 MEDIUM

Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration

CVE-2026-25443 HIGH

WordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerability

CVE-2026-3475 MEDIUM

Instant Popup Builder <= 1.1.7 - Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter

CVE-2026-25312 HIGH

WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability

CVE-2026-27091 MEDIUM

WordPress UiPress lite plugin <= 3.5.09 - Broken Access Control vulnerability

CVE-2026-28070 MEDIUM

WordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerability

CVE-2026-32736 MEDIUM

Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure

CVE-2026-2992 HIGH

KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard

CVE-2026-2559 MEDIUM

Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite

CVE-2026-32565 MEDIUM

WordPress Contextual Related Posts plugin < 4.2.2 - Broken Access Control vulnerability

CVE-2026-1217 MEDIUM

Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite

CVE-2026-32268 HIGH

Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability

CVE-2026-1926 MEDIUM

Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation

CVE-2026-4064 HIGH

PowerShell Universal <2026.1.4 - Privilege Escalation

CVE-2026-30911 HIGH

Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization

CVE-2026-4202 MEDIUM

Broken Access Control in extension "Redirect Tab"

CVE-2026-32586 MEDIUM

WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability

CVE-2026-2373 MEDIUM

Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure

CVE-2026-32587 MEDIUM

WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability

Previous Page 35 of 329 Next

Details

Vulnerabilities 8,213

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy