CWE-862 · Missing Authorization

8358 CVEs classified under CWE-862 (Missing Authorization).

Top CVEs for CWE-862
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-44329 | Critical | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's SMF mounts the UPI management route group without OAuth2/bearer-toke… |
| CVE-2026-44327 | Critical | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-oam route group without inbound OAuth2/bearer-to… |
| CVE-2026-33712 | Critical | 10.0 | 2026-05-22 | Typebot is a chatbot builder tool. In versions 3.15.2 and prior, the preview chat endpoint (POST /api/v1/typebots/{typebotId}/preview/startChat) allows unauthe… |
| CVE-2026-41679 | Critical | 10.0 | 2026-04-23 | Paperclip is a Node.js server and React UI that orchestrates a team of AI agents to run a business. Prior to version 2026.416.0, an unauthenticated attacker ca… |
| CVE-2026-34976 | Critical | 10.0 | 2026-04-06 | Dgraph is an open source distributed GraphQL database. Prior to 25.3.1, the restoreTenant admin mutation is missing from the authorization middleware config (a… |
| CVE-2025-30416 | Critical | 10.0 | 2026-02-20 | Sensitive data disclosure and manipulation due to missing authorization. The following products are affected: Acronis Cyber Protect 16 (Linux, Windows) before… |
| CVE-2025-45854 | Critical | 10.0 | 2025-06-03 | /server/executeExec of JEHC-BPM 2.0.1 allows attackers to execute arbitrary code via execParams. |
| CVE-2025-46348 | Critical | 10.0 | 2025-04-29 | YesWiki is a wiki system written in PHP. Prior to version 4.5.4, the request to commence a site backup can be performed and downloaded without authentication… |
| CVE-2025-26853 | Critical | 10.0 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema. |
| CVE-2025-22612 | Critical | 10.0 | 2025-01-24 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.374, the missing authorization… |
| CVE-2025-22609 | Critical | 10.0 | 2025-01-24 | Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.361, the missing authorization… |
| CVE-2024-52416 | Critical | 10.0 | 2024-11-16 | Missing Authorization vulnerability in Eugen Bobrowski Debug Tool debug-tool allows Upload a Web Shell to a Web Server. This issue affects Debug Tool: from n/a… |
| CVE-2024-6500 | Critical | 10.0 | 2024-08-17 | The InPost for WooCommerce plugin and InPost PL plugin for WordPress are vulnerable to unauthorized access and deletion of data due to a missing capability che… |
| CVE-2024-6071 | Critical | 10.0 | 2024-06-27 | PTC Creo Elements/Direct License Server exposes a web interface which can be used by unauthenticated remote attackers to execute arbitrary OS commands on the s… |
| CVE-2024-33566 | Critical | 10.0 | 2024-04-29 | Missing Authorization vulnerability in N-Media OrderConvo allows OS Command Injection. This issue affects OrderConvo: from n/a through 12.4. |
| CVE-2024-2086 | Critical | 10.0 | 2024-03-30 | The Integrate Google Drive – Browse, Upload, Download, Embed, Play, Share, Gallery, and Manage Your Google Drive Files Into Your WordPress Site plugin for Word… |
| CVE-2022-0543 | Critical | 10.0 | 2022-02-18 | It was discovered, that redis, a persistent key-value database, due to a packaging issue, is prone to a (Debian-specific) Lua sandbox escape, which could resul… |
| CVE-2026-46716 | Critical | 9.9 | 2026-06-12 | Nezha Monitoring is a self-hostable, lightweight, servers and websites monitoring and O&M tool. From version 1.4.0 to before version 2.0.8, a RoleMember user c… |
| CVE-2026-45552 | Critical | 9.9 | 2026-06-10 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.be… |
| CVE-2026-45632 | Critical | 9.9 | 2026-05-29 | Dokploy is a free, self-hostable Platform as a Service (PaaS). In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a resul… |