Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,133 vulnerabilities with CWE-862

CVE-2026-45285 MEDIUM

Nextcloud 32.0.0-32.0.8 and 33.0.0-33.0.2 - Unauthenticated Data Access via Auto-Generated Public Link

CVE-2026-45267 MEDIUM

Nextcloud: Missing permission check for from submissions

CVE-2026-42677 HIGH

WordPress WP Document Revisions plugin <= 3.8.1 - Broken Access Control vulnerability

CVE-2026-42675 HIGH

WordPress Hydra Booking plugin <= 1.1.41 - Broken Access Control vulnerability

CVE-2026-42671 MEDIUM

WordPress GeoDirectory plugin <= 2.8.157 - Broken Access Control vulnerability

CVE-2026-42682 CRITICAL

WordPress wpForo Forum plugin <= 3.0.6 - Broken Access Control vulnerability

CVE-2026-41014 MEDIUM

Apache Airflow: per-DAG RBAC bypass on /ui/partitioned_dag_runs endpoints

CVE-2026-40543 HIGH

Missing Authorization in SOPlanning

CVE-2026-8382 MEDIUM

Advanced Custom Fields (ACF®) <= 6.8.1 - Unauthenticated Arbitrary Post Modification via Front-End Form '_post_title' and '_post_content' Parameters

CVE-2026-48811 MEDIUM

FreeScout: Thread Deletion Bypasses Mailbox Access Revocation

CVE-2026-49385 MEDIUM

Jetbrains YouTrack < 2026.1.13570 - Missing Authorization

CVE-2026-49378 MEDIUM

Jetbrains TeamCity < 2026.1 - Missing Authorization

CVE-2026-49374 HIGH

Jetbrains TeamCity < 2026.1 - Missing Authorization

CVE-2026-49367 HIGH

Jetbrains IntelliJ Idea < 2026.1.1 - Missing Authorization

CVE-2026-47745 MEDIUM

Shopper: Missing per-action authorization on PaymentMethods, Currencies and Carriers admin tables

CVE-2026-47742 MEDIUM

Shopper: Missing authorization on Product admin Livewire sub-form components

CVE-2026-47740 HIGH

Shopper: Authorization bypass in multiple Livewire admin components

CVE-2026-47125 HIGH

Arcane: Missing admin authorization on global variables endpoint

CVE-2026-45632 CRITICAL

Dokploy: Schedule Authorization Bypass Enables Host/Server Command Execution

CVE-2026-45625 CRITICAL

Arcane Git Repository Endpoints - Missing Admin Authorization

CVE-2026-35630 HIGH

OpenClaw < 2026.5.18 - QQBot Missing Approver Identity Enforcement in Native Approval Buttons

CVE-2026-32905 HIGH

OpenClaw < 2026.5.4 - Unauthorized Device-Pairing Bootstrap Code Issuance via Chat Command

CVE-2026-4290 CRITICAL

WP Travel Pro <= 10.6.0 - Missing Authorization to Unauthenticated Arbitrary User Deletion Including Administrators

CVE-2026-44884 MEDIUM

Portainer: Missing authorization on custom template file endpoint exposes template content

CVE-2026-44849 HIGH

Portainer: Endpoint security bypass via Swarm service create/update

Previous Page 6 of 326 Next

Details

Vulnerabilities 8,133

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy