Weaknesses of type CWE-283
22 results

CVE-2020-8554 | MEDIUM | Kubernetes man in the middle using LoadBalancer or ExternalIPs | EPSS 9.3%
CVE-2024-27903 | HIGH | OpenVPN plug-ins on Windows with OpenVPN 2.6.9 and earlier could be loaded from any directory, which allows an attacker to load an arbitrary | EPSS 8.9%
CVE-2021-24501 | — | Workreap theme < 2.2.2 - Missing Authorization Checks in Ajax Actions | EPSS 1.3%
CVE-2021-24500 | — | Workreap theme < 2.2.2 - Multiple CSRF + IDOR Vulnerabilities | EPSS 0.6%
CVE-2025-1007 | MEDIUM | Improper Authorization in /user/namespace/{namespace}/details | EPSS 0.5%
CVE-2022-29220 | MEDIUM | No verification of commits origin in github-action-merge-dependabot | EPSS 0.5%
CVE-2023-30544 | LOW | Kiwi TCMS may allow user to update email address to unverified one | EPSS 0.4%
CVE-2025-47940 | HIGH | TYPO3 CMS Vulnerable to Privilege Escalation to System Maintainer | EPSS 0.4%
CVE-2026-44707 | MEDIUM | Chatwoot: Pre-Account Takeover via OAuth on Unconfirmed Accounts | EPSS 0.3%
CVE-2023-6068 | LOW | On affected 7130 Series FPGA platforms running MOS and recent versions of the MultiAccess FPGA, application of ACL’s may result in incorrect operation of the configured ACL for a port resulting in some packets that should be denied being permitted and some | EPSS 0.3%
CVE-2026-26016 | CRITICAL | Pterodactyl Panel Allows Cross-Node Server Configuration Disclosure via Remote API Missing Authorization | EPSS 0.3%
CVE-2026-27486 | MEDIUM | OpenClaw: Process Safety - Unvalidated PID Kill via SIGKILL in Process Cleanup | EPSS 0.3%
CVE-2026-44562 | MEDIUM | Open WebUI: Model Import Overwrites Any Model Without Ownership Check | EPSS 0.3%
CVE-2025-36091 | MEDIUM | IBM Business Automation Insights unverified ownership | EPSS 0.3%
CVE-2026-29788 | HIGH | TSPortal: Anyone can forge self-deletion requests of any user | EPSS 0.3%
CVE-2025-12815 | MEDIUM | An ownership verification issue in the Virtual Desktop preview page in the Research and Engineering Studio (RES) on AWS before version 2025. | EPSS 0.3%
CVE-2026-4269 | MEDIUM | Improper S3 ownership verification in Bedrock AgentCore Starter Toolkit | EPSS 0.2%
CVE-2025-9822 | MEDIUM | Secret data extraction via elfinder | EPSS 0.2%
CVE-2026-0598 | MEDIUM | Ansible-lightspeed: broken object level authorization leading to cross-user ai conversation context injection in ansible lightspeed api | EPSS 0.2%
CVE-2024-1853 | MEDIUM | Zemana AntiLogger v2.74.204.664 - Arbitrary Process Termination | EPSS 0.2%