Weaknesses of type CWE-266
951 resultsCVE-2026-10277MEDIUMj3k0 mcp-google-workspace MCP Gmail Tool gmail.ts saveToDisk access controlEPSS 0.3%CVE-2025-67278MEDIUMAn issue in TIM Solution GmbH TIM BPM Suite & TIM FLOW before v.9.1.2 allows a remote attacker to escalate privileges via a crafted HTTP reqEPSS 0.3%CVE-2025-14660MEDIUMDecoCMS Mesh Workspace Domain api.ts createTool access controlEPSS 0.3%CVE-2025-53209CRITICALWordPress Masteriyo LMS PRO plugin <= 2.20.0 - Privilege Escalation VulnerabilityEPSS 0.3%CVE-2020-1704HIGHAn insecure modification vulnerability in the /etc/passwd file was found in all versions of OpenShift ServiceMesh (maistra) before 1.0.8 in EPSS 0.3%CVE-2022-42825MEDIUMThis issue was addressed by removing additional entitlements. This issue is fixed in tvOS 16.1, macOS Ventura 13, watchOS 9.1, iOS 16.1 and EPSS 0.3%CVE-2025-8790MEDIUMPortabilis i-Educar API Endpoint pessoa improper authorizationEPSS 0.3%CVE-2025-7552MEDIUMDromara Northstar Path AuthorizationInterceptor.java preHandle access controlEPSS 0.3%CVE-2019-19345HIGHA vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the EPSS 0.3%CVE-2026-5529MEDIUMDromara lamp-cloud DefUserController pageUser improper authorizationEPSS 0.3%CVE-2026-1597MEDIUMBdtask SalesERP Administrative Endpoint improper authorizationEPSS 0.3%CVE-2026-11521MEDIUMMohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorizationEPSS 0.3%CVE-2026-7713MEDIUMcrocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorizationEPSS 0.3%CVE-2026-2676MEDIUMGoogTech sms-ssm API LoginInterceptor.java preHandle improper authorizationEPSS 0.3%CVE-2026-9484MEDIUMSourceCodester Student Grades Management System classroom.php removeStudentFromClassroom improper authorizationEPSS 0.3%CVE-2023-29066LOWIncorrect User ManagementEPSS 0.3%CVE-2025-15123LOWJeecgBoot datarule improper authorizationEPSS 0.3%CVE-2026-11532MEDIUMimvks786 student_management_system Student Record add.php access controlEPSS 0.3%CVE-2025-15124LOWJeecgBoot list getParameterMap improper authorizationEPSS 0.3%CVE-2025-15125LOWJeecgBoot queryDepartPermission improper authorizationEPSS 0.3%