CWE-862 - Missing Authorization is a cwe tracked across 50 threat clusters and 211 intelligence report mentions on ThreatCluster. First observed April 14, 2026; most recent activity July 17, 2026.
Cisco has disclosed a critical authentication bypass vulnerability, CVE-2026-20182, affecting its Catalyst SD-WAN Controller and Manager. This flaw allows unauthenticated remote attackers to bypass authentication and…
A critical vulnerability in the Joomla Content Editor (JCE), tracked as CVE-2026-48907, allows unauthenticated attackers to execute remote code on affected Joomla sites. This flaw affects JCE versions below 2.9.99.6 and…
A critical command injection vulnerability, CVE-2026-42271, in LiteLLM, an open-source AI gateway, allows unauthenticated remote code execution (RCE) when chained with CVE-2026-48710, a Host header validation bypass in…
On April 24, 2026, CISA added four actively exploited vulnerabilities to its Known Exploited Vulnerabilities catalog. The affected products include SimpleHelp remote management software, Samsung MagicINFO 9 Server, and…
From mid-2024 to early 2026, the Vietnam-aligned APT group OceanLotus has intensified its focus on domestic espionage, utilizing the SPECTRALVIPER backdoor in two major campaigns. The first campaign targeted a…
A critical vulnerability (CVSS 9.7) in the Cline Kanban server allows any website a developer visits to silently exfiltrate workspace data and inject commands into the AI agent's terminal. This flaw affects version…
A report by Israel's State Comptroller reveals significant cybersecurity gaps in emergency agencies and government ministries, leaving them vulnerable to Iranian cyber threats. The report highlights a 55% increase in…
A significant authorization bypass vulnerability (CVE-2026-33186) has been identified in multiple SUSE Elemental systems, including the elemental-system-agent, elemental-toolkit, and elemental-register. This flaw arises…
A high-severity vulnerability (CVE-2026-12957) in Amazon Q Developer for Visual Studio Code allowed attackers to execute arbitrary code and steal AWS credentials by automatically loading malicious MCP server…
A critical vulnerability (CVE-2026-8732) in the WP Maps Pro WordPress plugin allows unauthenticated attackers to create administrator accounts on affected sites. The flaw affects all versions up to 6.1.0 and was…