Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-862

CWE-862

High likelihood

Missing Authorization

Parent: CWE-285 - Improper Authorization

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

8,323 vulnerabilities with CWE-862

CVE-2025-12170 MEDIUM

Checkbox plugin <2.8.10 - Info Disclosure

CVE-2025-11985 HIGH

Realty Portal <0.4.1 - Privilege Escalation

CVE-2025-11773 MEDIUM

TokenICO plugin <2.4.6 - Info Disclosure

CVE-2025-11003 MEDIUM

UiPress lite < 3.5.08 - Authenticated Arbitrary JavaScript Execution via Template Save

CVE-2025-10938 MEDIUM

UiPress lite <3.5.08 - Info Disclosure

CVE-2025-9825 MEDIUM

GitLab 13.7-18.2.8, 18.3-18.3.4, 18.4-18.4.2 - Authenticated Sensitive CI/CD Variable Exposure via GraphQL API

CVE-2025-12169 MEDIUM

Elula Wsdesk < 3.3.1 - Missing Authorization

CVE-2025-12085 MEDIUM

Elula Wsdesk < 3.3.2 - Missing Authorization

CVE-2025-12023 MEDIUM

Elula Wsdesk < 3.3.2 - Missing Authorization

CVE-2025-12022 MEDIUM

Elula Wsdesk < 3.3.2 - Missing Authorization

CVE-2025-52670 MEDIUM

Revive Adserver < 5.5.2 - Authorization Bypass via Banner Deletion

CVE-2025-62293 MEDIUM

soplanning < 1.55.00 - Authenticated Broken Access Control in Project Status Endpoint

CVE-2025-13468 MEDIUM

SourceCodester Alumni Management System 1.0 - Missing Authorization in Delete Handler

CVE-2025-12778 MEDIUM

Ultimate Member Widgets - Info Disclosure

CVE-2025-65089 MEDIUM

XWiki Remote Macros < 1.27.0 - Missing Authorization in View File Macro

CVE-2025-65029 HIGH

rallly < 4.5.4 - Authenticated Insecure Direct Object Reference in Participant Deletion Endpoint

CVE-2025-65028 MEDIUM

rallly < 4.5.4 - Authenticated Insecure Direct Object Reference via ParticipantId Parameter

CVE-2025-65021 CRITICAL

rallly < 4.5.4 - Authenticated Insecure Direct Object Reference via Poll Finalization

CVE-2025-65020 MEDIUM

rallly < 4.5.4 - Authenticated Insecure Direct Object Reference via Poll Duplication Endpoint

CVE-2025-12822 MEDIUM

WP Login and Register using JWT <3.0.0 - Info Disclosure

CVE-2025-12751 MEDIUM

WSChat - WordPress Live Chat <3.1.6 - Info Disclosure

CVE-2025-12174 MEDIUM

Directorist: AI-Powered Business Directory Plugin <8.5.2 - Privileg...

CVE-2025-12955 HIGH

WooCommerce <2.3.39 - Info Disclosure

CVE-2025-12639 MEDIUM

wModes for WooCommerce <= 1.2.2 - Authenticated Authorization Bypass via AJAX Endpoint

CVE-2025-12481 MEDIUM

WP Duplicate Page <1.7 - Auth Bypass

Previous Page 92 of 333 Next

Details

Vulnerabilities 8,323

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy