VYPR

CWE-862

Missing Authorization

Class | Incomplete | Likelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 30 of 278
  • CVE-2026-42669 | High | Jun 2, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in EventPrime allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects EventPrime: from n/a through 4.3.2.0.

  • CVE-2026-42677 | High | Jun 1, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in Ben Balter WP Document Revisions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Document Revisions: from n/a before 4.0.0.

  • CVE-2026-49374 | High | May 29, 2026
    risk 0.49 | cvss 7.6 | epss 0.00

    In JetBrains TeamCity before 2026.1, improper permission checks exposed build configuration parameters.

  • CVE-2018-25391 | High | May 29, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    HaPe PKH 1.1 fails to enforce authorization on its record deletion endpoints, allowing unauthenticated attackers to delete arbitrary records by sending a crafted request that specifies the target record's id. The admin/modul/mod_pengurus/aksi_pengurus.php…

  • CVE-2026-45438 | High | May 25, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart Coupons for WooCommerce: from n/a before 2.3.0.

  • CVE-2026-45209 | High | May 25, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in edward_plainview MyCryptoCheckout allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects MyCryptoCheckout: from n/a through 2.161.

  • CVE-2026-9011 | High | May 22, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    The Ditty – Responsive News Tickers, Sliders, and Lists plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 3.1.65. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it…

  • CVE-2026-8547 | High | May 14, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Insufficient policy enforcement in Passwords in Google Chrome on Windows prior to 148.0.7778.168 allowed a remote attacker who had compromised the renderer process to perform privilege escalation via a crafted HTML page. (Chromium security severity: High)

  • CVE-2026-33359 | High | May 11, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    In Meari IoT Cloud alert image storage on Alibaba OSS (latest observed; storage service version not disclosed), motion snapshots are retrievable without authentication, signed URLs, or expiry enforcement. URLs function as direct object references and remain valid beyond expected…

  • CVE-2026-33357 | High | May 11, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    In Meari client applications embedding "com.meari.sdk" (including CloudEdge 5.5.0 build 220, Arenti 1.8.1 build 220, and related white-label <= 1.8.x), the integrated call path to openapi-euce.mearicloud.com can be abused to retrieve WAN IP data for arbitrary devices. The root…

  • CVE-2026-42226 | High | May 4, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    n8n is an open source workflow automation platform. Prior to versions 1.123.33 and 2.17.5, the dynamic-node-parameters endpoints did not verify whether the authenticated caller was authorized to use a supplied credential reference. An authenticated user with access to a shared…

  • CVE-2026-40601 | High | Apr 30, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Chartbrew is an open-source web application that can connect directly to databases and APIs and use the data to create charts. In version 4.9.0, Chartbrew exposes POST /api/chart/:chart_id/query without authentication. The endpoint only checks team.allowReportRefresh and does…

  • CVE-2026-41266 | High | Apr 23, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Flowise is a drag & drop user interface to build a customized large language model flow. Prior to 3.1.0, the /api/v1/public-chatbotConfig/:id endpoint exposes sensitive data including API keys, HTTP authorization headers and internal configuration without any authentication. An attacker…

  • CVE-2026-6372 | High | Apr 15, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in Plisio Accept Cryptocurrencies with Plisio allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Accept Cryptocurrencies with Plisio: from n/a through 2.0.5.

  • CVE-2026-23708 | High | Apr 14, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    An improper authentication vulnerability in Fortinet FortiSOAR PaaS 7.6.0 through 7.6.3, FortiSOAR PaaS 7.5.0 through 7.5.2, FortiSOAR on-premise 7.6.0 through 7.6.3, FortiSOAR on-premise 7.5.0 through 7.5.2 may allow an unauthenticated attacker to bypass authentication via…

  • CVE-2026-32546 | High | Mar 25, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in StellarWP Restrict Content restrict-content allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Restrict Content: from n/a through <= 3.2.22.

  • CVE-2026-32515 | High | Mar 25, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Miraculous: from n/a through < 2.1.2.

  • CVE-2026-32498 | High | Mar 25, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in Metagauss RegistrationMagic custom-registration-form-builder-with-submission-manager allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects RegistrationMagic: from n/a through <= 6.0.7.6.

  • CVE-2026-32495 | High | Mar 25, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in Link Software LLC WP Terms Popup wp-terms-popup allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP Terms Popup: from n/a through <= 2.10.0.

  • CVE-2026-32485 | High | Mar 25, 2026
    risk 0.49 | cvss 7.5 | epss 0.00

    Missing Authorization vulnerability in weDevs WP User Frontend wp-user-frontend allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects WP User Frontend: from n/a through <= 4.2.8.