Weaknesses of type CWE-285
1,298 results

CVE-2025-10278 | MEDIUM | YunaiV ruoyi-vue-pro transfer improper authorization | EPSS 0.3%
CVE-2025-10276 | MEDIUM | YunaiV ruoyi-vue-pro transfer improper authorization | EPSS 0.3%
CVE-2026-31836 | HIGH | Mass Assignment Privilege Escalation in Checkmate | EPSS 0.3%
CVE-2026-35407 | MEDIUM | Saleor has Cross-Account Email Change via Unbound Confirmation Token | EPSS 0.3%
CVE-2026-11462 | MEDIUM | Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization | EPSS 0.3%
CVE-2026-46656 | HIGH | Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions | EPSS 0.3%
CVE-2026-8027 | MEDIUM | FlowiseAI Flowise User Controller authorization | EPSS 0.3%
CVE-2026-13549 | MEDIUM | CodeAstro Complaint Management System Report Endpoint Report.php deletereport authorization | EPSS 0.3%
CVE-2026-8241 | MEDIUM | Industrial Application Software IAS Canias ERP RMI iasGetServerInfoEvent improper authorization | EPSS 0.3%
CVE-2026-12204 | MEDIUM | ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization | EPSS 0.3%
CVE-2026-39901 | MEDIUM | monetr: Protected Transactions Deletable via PUT | EPSS 0.3%
CVE-2025-4136 | MEDIUM | Weitong Mall Sale Endpoint improper authorization | EPSS 0.3%
CVE-2026-4563 | MEDIUM | MacCMS Member Order Detail User.php order_info authorization | EPSS 0.3%
CVE-2026-42902 | HIGH | Microsoft PowerToys Elevation of Privilege Vulnerability | EPSS 0.3%
CVE-2020-5362 | HIGH | Dell Client Consumer and Commercial platforms include an improper authorization vulnerability in the Dell Manageability interface for which | EPSS 0.3%
CVE-2026-9306 | MEDIUM | QuantumNous new-api Midjourney Image Relay Endpoint relay-router.go GetByOnlyMJId authorization | EPSS 0.3%
CVE-2025-65029 | HIGH | Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants | EPSS 0.3%
CVE-2025-30373 | MEDIUM | Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value | EPSS 0.3%
CVE-2025-65033 | HIGH | Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation | EPSS 0.3%
CVE-2026-43912 | HIGH | Vaultwarden: Cross-Org Group Binding Enables Unauthorized Read And Write Access Into Another Organization | EPSS 0.3%