Weaknesses of type CWE-285
1,295 results

CVE-2020-3539 | MEDIUM | Cisco Data Center Network Manager Authorization Bypass Vulnerability | EPSS 0.4%
CVE-2025-13808 | MEDIUM | orionsec orion-ops User Profile UserController.java update improper authorization | EPSS 0.4%
CVE-2024-13058 | MEDIUM | Authenticated, non-admin users can create storage pools via the sifi API | EPSS 0.4%
CVE-2026-28806 | CRITICAL | Improper authorization in device bulk actions and device update API allows cross-organization device control | EPSS 0.4%
CVE-2023-3957 | MEDIUM | ACF Photo Gallery Field <= 1.9 - Authenticated (Subscriber+) Arbitrary Usermeta Update | EPSS 0.4%
CVE-2022-39890 | MEDIUM | Improper Authorization in Samsung Billing prior to version 5.0.56.0 allows attacker to get sensitive information. | EPSS 0.4%
CVE-2025-4016 | MEDIUM | 20120630 Novel-Plus LogController.java deleteIndex improper authorization | EPSS 0.4%
CVE-2025-48371 | MEDIUM | OpenFGA Authorization Bypass | EPSS 0.4%
CVE-2026-47342 | HIGH | Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass | EPSS 0.4%
CVE-2026-20190 | HIGH | Cisco Identity Services Engine Information Disclosure Vulnerability | EPSS 0.4%
CVE-2025-12854 | MEDIUM | newbee-mall-plus seckillExecution executeSeckill authorization | EPSS 0.4%
CVE-2025-6736 | MEDIUM | juzaweb CMS Add New Themes Page install improper authorization | EPSS 0.4%
CVE-2025-6735 | MEDIUM | juzaweb CMS Import Page imports improper authorization | EPSS 0.4%
CVE-2025-53944 | HIGH | AutoGPT Platform Exposes Graph Execution Results via Authorization Gap | EPSS 0.4%
CVE-2023-36611 | MEDIUM | The affected TBox RTUs allow low privilege users to access software security tokens of higher privilege. This could allow an attacker with | EPSS 0.4%
CVE-2026-5326 | MEDIUM | SourceCodester Leave Application System User Information index.php authorization | EPSS 0.4%
CVE-2022-45450 | MEDIUM | Sensitive information disclosure and manipulation due to improper authorization. The following products are affected: Acronis Agent (Linux, | EPSS 0.4%
CVE-2025-3587 | MEDIUM | ZeroWdd/code-projects studentmanager getTeacherList improper authorization | EPSS 0.4%
CVE-2024-5053 | MEDIUM | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification | EPSS 0.4%
CVE-2023-39402 | CRITICAL | Parameter verification vulnerability in the installd module. Successful exploitation of this vulnerability may cause sandbox files to be rea | EPSS 0.4%