CWE-862 · Missing Authorization
8358 CVEs classified under CWE-862 (Missing Authorization).
| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-44329 | Critical | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-toke… |
| CVE-2026-44327 | Critical | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-to… |
| CVE-2026-33712 | Critical | 10.0 | 2026-05-22 | Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthe… |
| CVE-2026-41679 | Critical | 10.0 | 2026-04-23 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker ca… |
| CVE-2026-34976 | Critical | 10.0 | 2026-04-06 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (a… |
| CVE-2025-30416 | Critical | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before… |
| CVE-2025-45854 | Critical | 10.0 | 2025-06-03 | /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. |
| CVE-2025-46348 | Critical | 10.0 | 2025-04-29 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication… |
| CVE-2025-26853 | Critical | 10.0 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema. |
| CVE-2025-22612 | Critical | 10.0 | 2025-01-24 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization… |
| CVE-2025-22609 | Critical | 10.0 | 2025-01-24 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization… |
| CVE-2024-52416 | Critical | 10.0 | 2024-11-16 | Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Upload a Web Shell to a Web Server. This issue affects Debug Tool: from n/a… |
| CVE-2024-6500 | Critical | 10.0 | 2024-08-17 | The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability che… |
| CVE-2024-6071 | Critical | 10.0 | 2024-06-27 | PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the s… |
| CVE-2024-33566 | Critical | 10.0 | 2024-04-29 | Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4. |
| CVE-2024-2086 | Critical | 10.0 | 2024-03-30 | The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for Word… |
| CVE-2022-0543 | Critical | 10.0 | 2022-02-18 | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could resul… |
| CVE-2026-46716 | Critical | 9.9 | 2026-06-12 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user c… |
| CVE-2026-45552 | Critical | 9.9 | 2026-06-10 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.be… |
| CVE-2026-45632 | Critical | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a resul… |