Weaknesses of type CWE-285

1,295 results
CVE-2024-21026 [MEDIUM] Vulnerability in the Oracle Complex Maintenance, Repair, and Overhaul product of Oracle E-Business Suite (component: LOV). Supported versio (EPSS 0.4%)
CVE-2023-22931 [MEDIUM] ‘createrss’ External Search Command Overwrites Existing RSS Feeds in Splunk Enterprise (EPSS 0.4%)
CVE-2023-32717 [MEDIUM] Role-based Access Control (RBAC) Bypass on '/services/indexing/preview' REST Endpoint Can Overwrite Search Results (EPSS 0.4%)
CVE-2026-2141 [MEDIUM] WuKongOpenSource WukongCRM URL PermissionServiceImpl.java improper authorization (EPSS 0.4%)
CVE-2025-7947 [MEDIUM] jshERP Account delete improper authorization (EPSS 0.4%)
CVE-2024-13646 [HIGH] Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update (EPSS 0.4%)
CVE-2025-8789 [MEDIUM] Portabilis i-Educar API Endpoint Diario authorization (EPSS 0.4%)
CVE-2025-4474 [HIGH] Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function (EPSS 0.4%)
CVE-2025-11030 [MEDIUM] Tutorials-Website Employee Management System HTTP Request all-applied-leave.php improper authorization (EPSS 0.4%)
CVE-2023-22938 [MEDIUM] Permissions Validation Failure in the ‘sendemail’ REST API Endpoint in Splunk Enterprise (EPSS 0.4%)
CVE-2026-1702 [MEDIUM] SourceCodester Pet Grooming Management Software User Management user.php improper authorization (EPSS 0.4%)
CVE-2026-45275 [MEDIUM] Nextcloud: Authorization bypass in approval feature allows unauthorized file sharing with approvers (EPSS 0.4%)
CVE-2025-10977 [LOW] JeecgBoot deleteBatch improper authorization (EPSS 0.4%)
CVE-2025-28131 [MEDIUM] A Broken Access Control vulnerability in Nagios Network Analyzer 2024R1.0.3 allows low-privilege users with "Read-Only" access to perform ad (EPSS 0.4%)
CVE-2025-10389 [MEDIUM] CRMEB Administrator Password SystemAdminServices.php save improper authorization (EPSS 0.4%)
CVE-2025-6099 [MEDIUM] szluyu99 gin-vue-blog PATCH Request manager.go improper authorization (EPSS 0.4%)
CVE-2024-56802 [HIGH] Tapir allows DeployKey exposure (EPSS 0.4%)
CVE-2022-40521 [HIGH] Improper authorization in Modem (EPSS 0.4%)
CVE-2019-13528 A specific utility may allow an attacker to gain read access to privileged files in the Niagara AX 3.8u4 (JACE 3e, JACE 6e, JACE 7, JACE-800 (EPSS 0.4%)
CVE-2024-37167 [MEDIUM] Tuleap has improper permissions of the backlog items (EPSS 0.4%)