Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,133 vulnerabilities with CWE-862

CVE-2026-7624 MEDIUM

SEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations

CVE-2026-8502 MEDIUM

LearnPress <= 4.3.6 - Unauthenticated Sensitive Information Exposure via 'c_status' and 'return_type' Parameters

CVE-2026-9008 MEDIUM

Page-list <= 6.2 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Disclosure via Shortcode Attributes

CVE-2026-8976 MEDIUM

Rss Aggregator BY Feedzy < 5.1.7 - Authorization Bypass

CVE-2026-7523 MEDIUM

Alba Board <= 2.1.3 - Missing Authorization to Authenticated (Subscriber+) Sensitive Information Disclosure via 'card_id' Parameter

CVE-2026-5228 HIGH

Improper Access Control in Kurt Software Studio's WriteUp Mobile App

CVE-2026-10815 MEDIUM

LakshayD02 Hostel-Management-System-PHP Admin Dashboard index.php authorization

CVE-2026-10855 MEDIUM

MISP Event template importer authorization bypass

CVE-2026-4881 MEDIUM

Octopus Server 2023.0.0-2025.4.10522, 2025.4.0-2025.4.10544, 2026.1.0-2026.1.11312 - Privilege Escalation via API

CVE-2026-10737 HIGH

SP Project & Document Manager <= 4.71 - Missing Authorization to Unauthenticated Arbitrary File Information Disclosure via view_file() Function

CVE-2026-44281 HIGH

GLPI vulnerable to unauthorized reading of a specific asset object

CVE-2026-42320 MEDIUM

GLPI vulnerable to arbitrary file access

CVE-2026-42318 HIGH

GLPI Vulnerable to Arbitrary Item Deletion via Planning Endpoint

CVE-2026-42317 HIGH

GLPI vulnerable to arbitrary files deletion by technician

CVE-2026-31942 HIGH

LibreChat Before 0.8.3-rc1 - API Key Insecure Direct Object Reference

CVE-2026-10616 MEDIUM

nextlevelbuilder GoClaw Team Task Completion team_tasks_lifecycle.go TeamTasksTool.executeComplete authorization

CVE-2026-40571 MEDIUM

NamelessMC: Reactions on private or blocking profile posts can be modified without proper authorization

CVE-2026-40314 MEDIUM

NamelessMC 2.2.4 - Private Profile Reaction Access Control Bypass

CVE-2026-35443 MEDIUM

NamelessMC: Forum reactions bypass the "view own topics only" restriction

CVE-2026-49782 MEDIUM

WordPress Elementor Website Builder plugin <= 4.1.0 - Broken Access Control vulnerability

CVE-2026-27351 MEDIUM

WordPress Crew HRM plugin <= 1.2.2 - Broken Access Control vulnerability

CVE-2026-42670 HIGH

WordPress Five Star Restaurant Reservations plugin <= 2.7.14 - Payment Bypass vulnerability

CVE-2026-42669 HIGH

WordPress EventPrime plugin <= 4.3.2.0 - Broken Access Control vulnerability

CVE-2026-9234 MEDIUM

JTL-Connector for WooCommerce <= 2.4.1 - Missing Authorization to Authenticated (Subscriber+) Settings Modification via Multiple Functions

CVE-2026-9050 MEDIUM

Slider Revolution 6.0.0-6.7.55, 7.0.0-7.0.14 - Authenticated Unauthorized Plugin Deactivation

Previous Page 5 of 326 Next

Details

Vulnerabilities 8,133

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy