Weaknesses of type CWE-285
1,291 results

CVE | Severity | Title | EPSS
CVE-2025-0484 | MEDIUM | Fanli2012 native-php-cms Backend sysconfig_doedit.php improper authorization | EPSS 0.5%
CVE-2024-11306 | MEDIUM | Altenergy Power Control Software database improper authorization | EPSS 0.5%
CVE-2025-29926 | HIGH | The WikiManager REST API allows any user to create wikis | EPSS 0.5%
CVE-2024-45044 | HIGH | Bareos's negative command ACLs can be circumvented by abbreviating commands | EPSS 0.5%
CVE-2022-31670 | HIGH | Harbor fails to validate the user permissions when updating tag retention policies | EPSS 0.5%
CVE-2023-38508 | MEDIUM | Tuleap allows preview of a linked artifact with a type does not respect permissions | EPSS 0.5%
CVE-2022-4879 | MEDIUM | Forged Alliance Forever Vote improper authorization | EPSS 0.5%
CVE-2021-42000 | MEDIUM | Ping Identity PingFederate Password Reset and Password Change Mishandling with an authentication policy in parallel reset flows | EPSS 0.5%
CVE-2020-9049 | HIGH | victor Web Client and C•CURE Web Client JSON Web Token (JWT) Vulnerability | EPSS 0.5%
CVE-2022-42961 | MEDIUM | An issue was discovered in wolfSSL before 5.5.0. A fault injection attack on RAM via Rowhammer leads to ECDSA key disclosure. Users performi | EPSS 0.5%
CVE-2023-28623 | MEDIUM | Unauthorized user can register an account in specific configurations in Zulip | EPSS 0.5%
CVE-2023-2534 | HIGH | Information disclouse and DoS via websocket push events | EPSS 0.5%
CVE-2021-3837 | HIGH | Improper Authorization in openwhyd/openwhyd | EPSS 0.5%
CVE-2022-32838 | MEDIUM | A logic issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.5, macOS Big Sur 11.6.8, Security Updat | EPSS 0.5%
CVE-2026-33186 | CRITICAL | gRPC-Go has an authorization bypass via missing leading slash in :path | EPSS 0.5%
CVE-2024-9082 | MEDIUM | SourceCodester Online Eyewear Shop User Creation Users.php improper authorization | EPSS 0.5%
CVE-2024-10598 | MEDIUM | Tongda OA Annual Leave data.php improper authorization | EPSS 0.5%
CVE-2024-10729 | HIGH | Booking & Appointment Plugin for WooCommerce <= 6.9.0 - Authenticated (Subscriber+) Arbitrary Option Update | EPSS 0.5%
CVE-2022-24002 | MEDIUM | Improper Authorization vulnerability in Link Sharing prior to version 12.4.00.3 allows attackers to open protected activity via Precondition | EPSS 0.5%
CVE-2023-1910 | MEDIUM | Getwid – Gutenberg Blocks <= 1.8.3 - Improper Authorization via get_remote_templates REST endpoint | EPSS 0.5%