Weaknesses of type CWE-285
1,297 resultsCVE-2026-7702MEDIUMtoeverything AFFiNE Public Markdown Preview Endpoint :docId allowDocPreview authorizationEPSS 0.3%CVE-2026-6612MEDIUMTransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorizationEPSS 0.3%CVE-2026-5842MEDIUMdecolua 9router Administrative API Endpoint api authorizationEPSS 0.3%CVE-2024-37159LOWEvmos is missing create validator checkEPSS 0.3%CVE-2025-10291MEDIUMlinlinjava litemall cancel WxAftersaleController improper authorizationEPSS 0.3%CVE-2025-13807MEDIUMorionsec orion-ops API MachineKeyController.java MachineKeyController improper authorizationEPSS 0.3%CVE-2025-10731MEDIUMReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data ExportEPSS 0.3%CVE-2025-14546MEDIUMVersions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the EPSS 0.3%CVE-2026-38533MEDIUMAn improper authorization vulnerability in the /api/v1/users/{id} endpoint of Snipe-IT v8.4.0 allows authenticated attackers with the users.EPSS 0.3%CVE-2025-8401MEDIUMHT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information ExposureEPSS 0.3%CVE-2019-1603HIGHCisco NX-OS Software Privilege Escalation VulnerabilityEPSS 0.3%CVE-2026-25809MEDIUMPlaciPy Code Execution Allowed Without Assessment Active State ValidationEPSS 0.3%CVE-2021-3991MEDIUMImproper Authorization in dolibarr/dolibarrEPSS 0.3%CVE-2026-13490MEDIUMglpi-project glpi Document document.send.php canViewFile authorizationEPSS 0.3%CVE-2026-6105MEDIUMperfree go-fastdfs-web doInstall InstallController.java improper authorizationEPSS 0.3%CVE-2026-7644MEDIUMChatGPTNextWeb NextChat actions.ts addMcpServer improper authorizationEPSS 0.3%CVE-2025-3981MEDIUMwowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System details improper authorizationEPSS 0.3%CVE-2025-3977MEDIUMiteachyou Dreamer CMS Attachment download improper authorizationEPSS 0.3%CVE-2026-2015MEDIUMPortabilis i-Educar Final Status Import FinalStatusImportService.php improper authorizationEPSS 0.3%CVE-2026-10272MEDIUMa4m4 Student-Management-System deleteform.php improper authorizationEPSS 0.3%