Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

7,700 vulnerabilities with CWE-862

CVE-2026-40185 HIGH

Missing Authorization on Immich Trip Photo Routes in TREK

CVE-2026-33708 MEDIUM

Chamilo LMS has REST API PII Exposure via get_user_info_from_username

CVE-2026-33141 MEDIUM

Chamilo LMS has an IDOR in REST API Stats Endpoint Exposes Any User's Learning Data

CVE-2026-35662 MEDIUM

OpenClaw < 2026.3.22 - Missing controlScope Enforcement in Send Action

CVE-2026-35660 HIGH

OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset

CVE-2026-35621 MEDIUM

OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence

CVE-2026-35620 MEDIUM

OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands

CVE-2026-35598 MEDIUM

Vikunja has Missing Authorization on CalDAV Task Read

CVE-2026-4162 HIGH

Gravity SMTP <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall

CVE-2026-4977 MEDIUM

UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter

CVE-2026-4057 MEDIUM

Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal

CVE-2026-3360 HIGH

Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter

CVE-2026-40117 MEDIUM

PraisonAIAgents Affected by Arbitrary File Read via read_skill_file Missing Workspace Boundary and Approval Gate

CVE-2026-35631 MEDIUM

OpenClaw < 2026.3.22 - Missing Authorization Enforcement in Internal ACP Chat Commands

CVE-2026-33785 HIGH

Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario

CVE-2026-33776 MEDIUM

Junos OS and Junos OS Evolved: Specific low privileged CLI command exposes sensitive information

CVE-2026-35063 HIGH

Missing Authorization in OpenPLC_V3

CVE-2026-34184 CRITICAL

Missing Authorization in Hydrosystem Control System

CVE-2026-1830 CRITICAL

Quick Playground <= 1.3.1 - Missing Authorization to Unauthenticated Arbitrary File Upload

CVE-2026-4124 MEDIUM

Ziggeo <= 3.1.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Modification via 'ziggeo_ajax' AJAX Action

CVE-2026-4326 HIGH

Vertex Addons for Elementor <= 1.6.4 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation and Activation via 'afeb_activate_required_plugins'

CVE-2026-4916 LOW

Missing Authorization in GitLab

CVE-2026-39429 HIGH

kcp's cache server is accessible without authentication or authorization checks

CVE-2026-34837 MEDIUM

Zammad is miissing authorization in AI assistance controller for context data used in text tools

CVE-2026-34782 MEDIUM

Zammad has improper access control in AI assistance controller for text tools

Previous Page 5 of 308 Next

Details

Vulnerabilities 7,700

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy