CVE Database

7+ vulnerabilities with CVSS scores, EPSS exploit predictions, and CISA KEV status. Updated daily.

Filter: All CRITICAL HIGH MEDIUM LOW CISA KEV
Sort: Newest CVSS EPSS

7 results for "CWE-86"

CVE-2026-56152
5.3 MEDIUM

Incorrect Authorization (CWE-863) in Elastic Defend can lead to unauthorized information disclosure via Accessing Functionality Not Properly Constrained by ACLs (CAPEC-1). Under certain conditions, a …

Jul 1, 2026
CVE-2025-54838
6.8 MEDIUM

An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests.

Dec 9, 2025
CVE-2024-37363
6.5 MEDIUM

The product does not perform an authorization check when an actor attempts to access a resource or perform an action. (CWE-862) Hitachi Vantara Pentaho Business …

Feb 20, 2025
CVE-2025-26376
6.5 MEDIUM

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to modify user data …

Feb 12, 2025
CVE-2025-26374
6.5 MEDIUM

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (users endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate …

Feb 12, 2025
CVE-2025-26373
6.5 MEDIUM

A CWE-862 "Missing Authorization" in maxprofile/users/routes.lua (user endpoint) in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to enumerate …

Feb 12, 2025
CVE-2025-26367
4.3 MEDIUM

A CWE-862 "Missing Authorization" in maxprofile/user-groups/routes.lua in Q-Free MaxTime less than or equal to version 2.11.0 allows an authenticated (low-privileged) attacker to create arbitrary user …

Feb 12, 2025

Scan your infrastructure for known CVEs

Free website and port scanning — find vulnerabilities before attackers do.