Weaknesses of type CWE-285
1,301 results (20 shown). Columns: CVE ID, severity, title, EPSS score.

CVE-2026-33162  MEDIUM    Craft CMS: Authorization bypass in "entries/move-to-section" allows control panel user to move entries without section permissions  (EPSS 0.3%)
CVE-2024-13692  MEDIUM    Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference  (EPSS 0.3%)
CVE-2026-12799  MEDIUM    BerriAI litellm Incomplete Fix CVE-2025-0628 internal_user_endpoints.py ui_view_users improper authorization  (EPSS 0.3%)
CVE-2026-12771  LOW       BerriAI litellm M2M JWT user_api_key_auth.py improper authorization  (EPSS 0.3%)
CVE-2026-41115  MEDIUM    Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API  (EPSS 0.3%)
CVE-2021-25351  LOW       Improper Access Control in EmailValidationView in Samsung Account prior to version 10.7.0.7 and 12.1.1.3 allows physically proximate attacke  (EPSS 0.3%)
CVE-2020-1908   —         Improper authorization of the Screen Lock feature in WhatsApp and WhatsApp Business for iOS prior to v2.20.100 could have permitted use of S  (EPSS 0.3%)
CVE-2022-46752  MEDIUM    Dell BIOS contains an Improper Authorization vulnerability. An unauthenticated physical attacker may potentially exploit this vulnerability  (EPSS 0.3%)
CVE-2026-27803  HIGH      Vaultwarden: Collection Management Operations Allowed Without `manage` Verification for Manager Role  (EPSS 0.3%)
CVE-2021-25507  MEDIUM    Improper authorization vulnerability in Samsung Flow mobile application prior to 4.8.03.5 allows Samsung Flow PC application connected with  (EPSS 0.3%)
CVE-2026-7109   MEDIUM    code-projects Invoice System in Laravel API Endpoint item improper authorization  (EPSS 0.3%)
CVE-2026-2896   MEDIUM    funadmin Configuration Ajax.php setConfig improper authorization  (EPSS 0.3%)
CVE-2026-25885  CRITICAL  PolarLearn allows Unauthenticated WebSocket access allows subscribing to and posting in arbitrary group chats  (EPSS 0.3%)
CVE-2025-13115  MEDIUM    macrozheng mall-swarm/mall Order Details detail improper authorization  (EPSS 0.3%)
CVE-2026-44504  HIGH      Aegra: Cross-user run injection in /threads/{thread_id}/runs (IDOR)  (EPSS 0.3%)
CVE-2026-32252  HIGH      Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`  (EPSS 0.3%)
CVE-2024-48897  MEDIUM    Moodle: idor in edit/delete rss feed  (EPSS 0.3%)
CVE-2026-5642   MEDIUM    Cyber-III Student-Management-System HTTP POST Request update.php improper authorization  (EPSS 0.3%)
CVE-2025-58386  CRITICAL  In Terminalfour 8 through 8.4.1.1, the userLevel parameter in the user management function is not subject to proper server-side authorizatio  (EPSS 0.3%)
CVE-2024-39597  HIGH      [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce  (EPSS 0.3%)
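The entries above share two shapes of CWE-285: an endpoint that authenticates the caller but never checks the caller's relationship to the object it returns (the IDOR and cross-tenant items), and an endpoint that applies a privileged field such as a role or user level straight from the request. The following is an added example, not code from any of the listed projects or advisories, showing each shape next to its hardened form. The users, orders, tenants, role names and field names are hypothetical and constructed for the demonstration.

```python
"""Added example, not code from any project or advisory listed above:
object-level and role-level authorization checks whose absence is CWE-285.
Users, orders, tenants, roles and field names are hypothetical."""
from dataclasses import dataclass, replace
from typing import Optional

ADMIN, MANAGER, MEMBER = "admin", "manager", "member"   # hypothetical roles
RANK = {MEMBER: 0, MANAGER: 1, ADMIN: 2}


@dataclass(frozen=True)
class User:
    id: int
    tenant: str
    role: str


@dataclass(frozen=True)
class Order:
    id: int
    owner_id: int
    tenant: str
    total: float


class Forbidden(Exception):
    pass


class NotFound(Exception):
    pass


# Constructed sample data standing in for a database.
USERS = {
    1: User(1, "acme", MEMBER),
    2: User(2, "acme", MANAGER),
    3: User(3, "globex", MEMBER),
    4: User(4, "acme", ADMIN),
}
ORDERS = {
    1001: Order(1001, owner_id=1, tenant="acme", total=42.0),
    1002: Order(1002, owner_id=2, tenant="acme", total=99.0),
    1003: Order(1003, owner_id=3, tenant="globex", total=7.5),
}


def order_detail_vulnerable(user: Optional[User], order_id: int) -> Order:
    """IDOR: authentication only; any logged-in user reads any order by id."""
    if user is None:
        raise Forbidden("login required")
    if order_id not in ORDERS:
        raise NotFound(order_id)
    return ORDERS[order_id]


def order_detail(user: Optional[User], order_id: int) -> Order:
    """Hardened: authorize against the object itself, deny by default.
    A foreign tenant's object is reported exactly like a missing one, so the
    difference in errors cannot be used to enumerate valid ids."""
    if user is None:
        raise Forbidden("login required")
    order = ORDERS.get(order_id)
    if order is None or order.tenant != user.tenant:
        raise NotFound(order_id)
    if order.owner_id != user.id and RANK[user.role] < RANK[MANAGER]:
        raise Forbidden("not the owner")
    return order


def update_user_vulnerable(actor: User, target_id: int, payload: dict) -> User:
    """Trusts a client-supplied role field: a member can promote themself."""
    target = USERS[target_id]
    return replace(target, role=payload.get("role", target.role))


def update_user(actor: User, target_id: int, payload: dict) -> User:
    """Hardened: the role field is honoured only if the actor may set it
    (same tenant, actor is admin, and never above the actor's own rank)."""
    target = USERS.get(target_id)
    if target is None or target.tenant != actor.tenant:
        raise NotFound(target_id)
    if "role" not in payload:
        return target
    new_role = payload["role"]
    if new_role not in RANK:
        raise ValueError(new_role)
    if actor.role != ADMIN or RANK[new_role] > RANK[actor.role]:
        raise Forbidden("role change not permitted")
    return replace(target, role=new_role)


def raises(exc: type, fn, *args) -> bool:
    """Helper for exercising the deny paths: True if fn(*args) raises exc."""
    try:
        fn(*args)
    except exc:
        return True
    return False
```

The hardened handlers fetch the object first and then decide on it, rather than trusting anything in the request to identify the caller's rights; the ownership rule lives next to the data it protects, which is the check a reviewer should expect to find on every handler that takes an id.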