Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

7,700 vulnerabilities with CWE-862

CVE-2026-40742 MEDIUM

WordPress Nelio AB Testing plugin <= 8.2.8 - Sensitive Data Exposure vulnerability

CVE-2026-40740 MEDIUM

WordPress Tutor LMS plugin <= 3.9.7 - Broken Access Control vulnerability

CVE-2026-40730 MEDIUM

WordPress ThemeGrill Demo Importer plugin <= 2.0.0.6 - Broken Access Control vulnerability

CVE-2026-40729 MEDIUM

WordPress 3D viewer – Embed 3D Models plugin <= 1.8.5 - Broken Access Control vulnerability

CVE-2026-40728 MEDIUM

WordPress Magazine Blocks plugin <= 1.8.3 - Broken Access Control vulnerability

CVE-2026-27769 LOW

Connected Workspaces: Malicious remote server can manipulate arbitrary user's status

CVE-2026-3649 MEDIUM

Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action

CVE-2026-3642 MEDIUM

e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX

CVE-2026-4812 MEDIUM

Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters

CVE-2026-1314 MEDIUM

3D FlipBook < 1.16.17 - Information Exposure

CVE-2026-35033 CRITICAL

Jellyfin: Potential SSRF + Arbitrary file read via stream argument injection

CVE-2026-4109 MEDIUM

Eventin < 4.1.8 - Information Exposure

CVE-2026-4365 CRITICAL

LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion

CVE-2026-34261 MEDIUM

Missing Authorization check in SAP Business Analytics and SAP Content Management

CVE-2026-34256 HIGH

Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise)

CVE-2026-27679 MEDIUM

Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures)

CVE-2026-27678 MEDIUM

Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures)

CVE-2026-27677 MEDIUM

Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment)

CVE-2026-27676 MEDIUM

Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures)

CVE-2026-27673 MEDIUM

Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise)

CVE-2026-27672 MEDIUM

Missing Authorization check in Material Master Application

CVE-2026-32270 LOW

Craft Commerce: Unauthenticated information disclosure in `commerce/payments/pay` can leak some customer order data on anonymous payments

CVE-2026-6109 MEDIUM

FoundationAgents MetaGPT Mineflayer HTTP API index.js evaluateCode cross-site request forgery

CVE-2026-3358 MEDIUM

Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment

CVE-2026-40189 CRITICAL

goshs has a file-based ACL authorization bypass in goshs state-changing routes

Previous Page 4 of 308 Next

Details

Vulnerabilities 7,700

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy