Weaknesses of type CWE-285
1,294 resultsCVE-2024-39405MEDIUMAdobe Commerce | Improper Authorization (CWE-285)EPSS 0.4%CVE-2024-39419MEDIUMA user without ship permissions can ship the ordersEPSS 0.4%CVE-2024-39407MEDIUMAdobe Commerce | Improper Authorization (CWE-285)EPSS 0.4%CVE-2024-39412MEDIUMAdobe Commerce | Improper Authorization (CWE-285)EPSS 0.4%CVE-2024-6840MEDIUMAutomation-controller: gain access to the k8s api server via job execution with container groupEPSS 0.4%CVE-2024-56323MEDIUMOpenFGA Authorization BypassEPSS 0.4%CVE-2022-29913MEDIUMThe parent process would not properly check whether the Speech Synthesis feature is enabled, when receiving instructions from a child procesEPSS 0.4%CVE-2024-6384MEDIUMBackup files may be downloaded by underprivileged users in MongoDB Enterprise ServerEPSS 0.4%CVE-2026-40248HIGHfree5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence SubscriptionsEPSS 0.4%CVE-2024-3959MEDIUMImproper Authorization in GitLabEPSS 0.4%CVE-2024-9297MEDIUMSourceCodester Online Railway Reservation System admin improper authorizationEPSS 0.4%CVE-2020-36714HIGHBrizy < 1.0.126 - Authorization Bypass to Settings UpdatesEPSS 0.4%CVE-2019-1604HIGHCisco NX-OS Software Privilege Escalation VulnerabilityEPSS 0.4%CVE-2025-11521HIGHAstra Security Suite – Firewall & Malware Scan <= 0.2 - Unauthenticated Arbitrary File UploadEPSS 0.4%CVE-2023-50363HIGHQTS, QuTS heroEPSS 0.4%CVE-2026-33950CRITICALsignalk-server: Privilege Escalation by Admin Role Injection via /enableSecurityEPSS 0.4%CVE-2025-64655HIGHDynamics OmniChannel SDK Storage Containers Elevation of Privilege VulnerabilityEPSS 0.4%CVE-2025-3454MEDIUMThis vulnerability in Grafana's datasource proxy API allows authorization checks to be bypassed by adding an extra slash character in the UREPSS 0.4%CVE-2025-6329MEDIUMScriptAndTools Real Estate Management System User Delete userdelete.php authorizationEPSS 0.4%CVE-2024-47183HIGHParse Server's custom object ID allows to acquire role privilegesEPSS 0.4%