Weaknesses of type CWE-285

1,297 results
CVE-2026-10272 | MEDIUM | a4m4 Student-Management-System deleteform.php improper authorization | EPSS 0.3%
CVE-2025-3977 | MEDIUM | iteachyou Dreamer CMS Attachment download improper authorization | EPSS 0.3%
CVE-2026-33222 | MEDIUM | NATS JetStream has an authorization bypass through its Management API | EPSS 0.3%
CVE-2026-30793 | CRITICAL | RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation | EPSS 0.3%
CVE-2026-32300 | HIGH | Connect CMS: Improper Authorization in the My Page Profile Update Feature Allows Modification of Arbitrary User Information | EPSS 0.3%
CVE-2025-8791 | MEDIUM | LitmusChaos Litmus list_projects improper authorization | EPSS 0.3%
CVE-2023-21505 | MEDIUM | Improper access control in Samsung Core Service prior to version 2.1.00.36 allows attacker to write arbitrary file in sandbox. | EPSS 0.3%
CVE-2025-9835 | MEDIUM | macrozheng mall cancelUserOrder cancelOrder authorization | EPSS 0.3%
CVE-2025-3924 | MEDIUM | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration | EPSS 0.3%
CVE-2025-57438 | MEDIUM | The 2wcom IP-4c 2.15.5 device suffers from a Broken Access Control vulnerability. Certain sensitive endpoints are intended to be accessible | EPSS 0.3%
CVE-2023-22428 | HIGH | Improper privilege validation in Command Centre Server allows authenticated operators to modify Division lineage. This issue affects Comma | EPSS 0.3%
CVE-2024-13552 | MEDIUM | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.0 - Insecure Direct Object Reference | EPSS 0.3%
CVE-2025-4519 | HIGH | IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_password Function | EPSS 0.3%
CVE-2025-2653 | MEDIUM | FoxCMS improper authorization | EPSS 0.3%
CVE-2025-8839 | MEDIUM | jshERP Endpoint addUser improper authorization | EPSS 0.3%
CVE-2026-6570 | MEDIUM | kodcloud KodExplorer systemMember.class.php initInstall authorization | EPSS 0.3%
CVE-2026-1141 | MEDIUM | PHPGurukul News Portal Add Sub-Admin add-subadmins.php improper authorization | EPSS 0.3%
CVE-2026-6583 | MEDIUM | TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization | EPSS 0.3%
CVE-2026-6584 | MEDIUM | TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization | EPSS 0.3%
CVE-2023-33020 | HIGH | Improper Authorization in WLAN Host | EPSS 0.3%