Weaknesses of type CWE-285
1,293 results

CVE | Severity | Title | EPSS
CVE-2025-55675 | MEDIUM | Apache Superset: Incorrect datasource authorization on REST API | EPSS 0.5%
CVE-2022-36454 | MEDIUM | A vulnerability in the MiCollab Client API of Mitel MiCollab through 9.5.0.101 could allow an authenticated attacker to modify their profile | EPSS 0.5%
CVE-2021-3049 | LOW | Cortex XSOAR: Improper Authorization of Incident Investigations Vulnerability | EPSS 0.5%
CVE-2025-1007 | MEDIUM | Improper Authorization in /user/namespace/{namespace}/details | EPSS 0.5%
CVE-2026-39389 | MEDIUM | CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files | EPSS 0.5%
CVE-2023-36633 | MEDIUM | An improper authorization vulnerability [CWE-285] in FortiMail webmail version 7.2.0 through 7.2.2 and before 7.0.5 allows an authenticated | EPSS 0.5%
CVE-2025-1847 | MEDIUM | zj1983 zz improper authorization | EPSS 0.5%
CVE-2025-54378 | HIGH | HAX CMS Backend Lacks Comprehensive Authorization Checks | EPSS 0.5%
CVE-2021-4344 | MEDIUM | Frontend File Manager <= 18.2 - Privilege Escalation | EPSS 0.5%
CVE-2026-20960 | HIGH | PowerApps Desktop Client Remote Code Execution Vulnerability | EPSS 0.5%
CVE-2023-5654 | MEDIUM | The React Developer Tools extension registers a message listener with window.addEventListener('message', <listener>) in a content script tha | EPSS 0.5%
CVE-2022-4962 | MEDIUM | Apollo Configuration Center users improper authorization | EPSS 0.5%
CVE-2026-42609 | HIGH | Grav: Administrative Account Disruption and Privilege De-escalation via User Overwrite Logic | EPSS 0.5%
CVE-2024-3434 | MEDIUM | CP Plus Wi-Fi Camera User Management improper authorization | EPSS 0.5%
CVE-2026-8196 | MEDIUM | JeecgBoot mLogin Endpoint LoginController.java authorization | EPSS 0.5%
CVE-2023-23696 | HIGH | Dell Command Intel vPro Out of Band, versions prior to 4.3.1, contain an Improper Authorization vulnerability. A locally authenticated mali | EPSS 0.5%
CVE-2025-3918 | CRITICAL | Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function | EPSS 0.5%
CVE-2025-41249 | HIGH | CVE-2025-41249: Spring Framework Annotation Detection Vulnerability | EPSS 0.5%
CVE-2023-6496 | MEDIUM | Manage Notification E-mails <= 1.8.5 - Missing Authorization | EPSS 0.5%
CVE-2026-40963 | LOW | Apache Airflow: DAG authorization bypass on /ui/structure/structure_data | EPSS 0.5%