Weaknesses of type CWE-285

1,285 results
CVE-2024-34104 (HIGH): Adobe Commerce | Improper Authorization (CWE-285) [EPSS 0.8%]
CVE-2024-2641 (MEDIUM): Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization [EPSS 0.8%]
CVE-2024-21159 (MEDIUM): Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.36 and prior an [EPSS 0.8%]
CVE-2025-48063 (MEDIUM): XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right [EPSS 0.8%]
CVE-2022-29234 (MEDIUM): Grace period for lock settings in public/private chats in BigBlueButton [EPSS 0.8%]
CVE-2023-3805 (HIGH): Xiamen Four Letter Video Surveillance Management System Login UserInfoAction.class improper authorization [EPSS 0.8%]
CVE-2025-30390 (CRITICAL): Azure ML Compute Elevation of Privilege Vulnerability [EPSS 0.8%]
CVE-2024-8676 (HIGH): Cri-o: checkpoint restore can be triggered from different namespaces [EPSS 0.8%]
CVE-2023-32022 (HIGH): Windows Server Service Security Feature Bypass Vulnerability [EPSS 0.8%]
CVE-2023-47109 (MEDIUM): PrestaShop blockreassurance BO User can remove any file from server when adding a and deleting a block [EPSS 0.8%]
CVE-2022-33713: Implicit Intent hijacking vulnerability in Samsung Cloud prior to version 5.2.0 allows attacker to get sensitive information. [EPSS 0.8%]
CVE-2018-3829: In Elastic Cloud Enterprise (ECE) versions prior to 1.1.4 it was discovered that a user could scale out allocators on new hosts with an inva [EPSS 0.8%]
CVE-2022-39902 (MEDIUM): Improper authorization in Exynos baseband prior to SMR DEC-2022 Release 1 allows remote attacker to get sensitive information including IMEI [EPSS 0.8%]
CVE-2020-25716: A flaw was found in Cloudforms. A role-based privileges escalation flaw where export or import of administrator files is possible. An attack [EPSS 0.8%]
CVE-2025-1226 (MEDIUM): ywoa setup.jsp improper authorization [EPSS 0.8%]
CVE-2020-10716: A flaw was found in Red Hat Satellite's Job Invocation, where the "User Input" entry was not properly restricted to the view. This flaw allo [EPSS 0.8%]
CVE-2022-24083 (CRITICAL): Password authentication bypass vulnerability for local accounts can be used to bypass local authentication checks. [EPSS 0.8%]
CVE-2023-4243 (HIGH): FULL - Customer <= 2.2.3 - Authenticated(Subscriber+) Improper Authorization to Arbitrary Plugin Installation [EPSS 0.8%]
CVE-2026-28865 (HIGH): An authentication issue was addressed with improved state management. This issue is fixed in iOS 18.7.7 and iPadOS 18.7.7, iOS 26.4 and iPad [EPSS 0.8%]
CVE-2022-4701 (MEDIUM): Royal Elementor Addons <= 1.3.59 - Insufficient Access Control to Plugin Activation [EPSS 0.8%]