VYPR

CWE-862

Missing Authorization

ClassIncompleteLikelihood: High

Description

The product does not perform an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-665

CVEs mapped to this weakness (5,549)

page 54 of 278
  • CVE-2026-34261MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Due to a missing authorization check in SAP Business Analytics and SAP Content Management, an authenticated user could make unauthorized calls to certain remote function modules, potentially accessing sensitive information beyond their intended permissions. This vulnerability…

  • CVE-2026-27679MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Due to missing authorization checks in the SAP S/4HANA frontend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while…

  • CVE-2026-27678MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Due to missing authorization checks in the SAP S/4HANA backend OData Service (Manage Reference Structures), an attacker could update and delete child entities via exposed OData services without proper authorization. This vulnerability has a high impact on integrity, while…

  • CVE-2026-27677MedApr 14, 2026
    risk 0.42cvss 6.5epss 0.00

    Due to missing authorization checks in the SAP S/4HANA OData Service (Manage Reference Equipment), an attacker could update and delete child entities via OData services without proper authorization. This vulnerability has a high impact on integrity, while confidentiality and…

  • CVE-2026-3360HigApr 10, 2026
    risk 0.42cvss 7.5epss 0.01

    The Tutor LMS – eLearning and online course solution plugin for WordPress is vulnerable to an Insecure Direct Object Reference in all versions up to, and including, 3.9.7. This is due to missing authentication and authorization checks in the `pay_incomplete_order()` function.…

  • CVE-2026-39651MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in TotalSuite Total Poll Lite totalpoll-lite allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Total Poll Lite: from n/a through <= 4.12.0.

  • CVE-2026-39639MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in redpixelstudios RPS Include Content rps-include-content allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects RPS Include Content: from n/a through <= 1.2.2.

  • CVE-2026-39569MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in AA Web Servant 12 Step Meeting List 12-step-meeting-list allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects 12 Step Meeting List: from n/a through <= 3.19.9.

  • CVE-2026-39488MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in SureCart SureCart surecart allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects SureCart: from n/a through <= 4.0.2.

  • CVE-2026-3480MedApr 8, 2026
    risk 0.42cvss 6.5epss 0.00

    The WP Blockade plugin for WordPress is vulnerable to Missing Authorization in all versions up to and including 0.9.14. The plugin registers an admin_post action hook 'wp-blockade-shortcode-render' that maps to the render_shortcode_preview() function. This function lacks any…

  • CVE-2026-35606HigApr 7, 2026
    risk 0.42cvss 7.5epss 0.00

    File Browser is a file managing interface for uploading, deleting, previewing, renaming, and editing files within a specified directory. Prior to 2.63.1, the resourceGetHandler in http/resource.go returns full text file content without checking the Perm.Download permission flag.…

  • CVE-2026-5574MedApr 5, 2026
    risk 0.42cvss 6.5epss 0.01

    A security vulnerability has been detected in Technostrobe HI-LED-WR120-G2 5.5.0.1R6.03.30. Affected is the function deletefile of the component FsBrowseClean. The manipulation of the argument dir/path leads to missing authorization. The attack may be initiated remotely. The…

  • CVE-2026-27833HigApr 3, 2026
    risk 0.42cvss 7.5epss 0.02

    Piwigo is an open source photo gallery application for the web. Prior to version 16.3.0, the pwg.history.search API method in Piwigo is registered without the admin_only option, allowing unauthenticated users to access the full browsing history of all gallery visitors. This…

  • CVE-2026-22663HigApr 3, 2026
    risk 0.42cvss 7.5epss 0.00

    prompts.chat prior to commit 7b81836 contains multiple authorization bypass vulnerabilities due to missing isPrivate checks across API endpoints and page metadata generation that allow unauthorized users to access sensitive data associated with private prompts. Attackers can…

  • CVE-2026-5025MedMar 27, 2026
    risk 0.42cvss 6.5epss 0.00

    The '/logs' and '/logs-stream' endpoints in the log router allow any authenticated user to read the full application log buffer. These endpoints only require basic authentication ('get_current_active_user') without any privilege checks (e.g., 'is_superuser').

  • CVE-2026-4309MedMar 27, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in NEC Platforms, Ltd. Aterm Series allows a attacker to get a specific device information and change the settings via network.

  • CVE-2026-32541MedMar 25, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Premmerce Premmerce Redirect Manager premmerce-redirect-manager allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Premmerce Redirect Manager: from n/a through <= 1.0.12.

  • CVE-2026-32527MedMar 25, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in CRM Perks WP Insightly for Contact Form 7, WPForms, Elementor, Formidable and Ninja Forms cf7-insightly allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects WP Insightly for Contact Form 7, WPForms,…

  • CVE-2026-32514MedMar 25, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in Anton Voytenko Petitioner petitioner allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Petitioner: from n/a through <= 0.7.3.

  • CVE-2026-32489MedMar 25, 2026
    risk 0.42cvss 6.5epss 0.00

    Missing Authorization vulnerability in bPlugins B Blocks b-blocks allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects B Blocks: from n/a through < 2.0.30.