Weaknesses of type CWE-285
1,301 resultsCVE-2026-6586MEDIUMTransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorizationEPSS 0.3%CVE-2026-6571MEDIUMkodcloud KodExplorer systemRole.class.php roleGroupAction authorizationEPSS 0.3%CVE-2025-15125LOWJeecgBoot queryDepartPermission improper authorizationEPSS 0.3%CVE-2026-10876MEDIUMSourceCodester Ship Ferry Ticket Reservation System admin improper authorizationEPSS 0.3%CVE-2026-8786MEDIUMTencent WeKnora Config API Endpoint initialization.go getKnowledgeBaseForInitialization authorizationEPSS 0.3%CVE-2024-20979MEDIUMVulnerability in the Oracle BI Publisher product of Oracle Analytics (component: Web Server). Supported versions that are affected are 6.4.EPSS 0.3%CVE-2026-24835HIGHPodman Desktop Extension System Vulnerable to Authentication BypassEPSS 0.3%CVE-2025-11879MEDIUMGenerateBlocks <= 2.1.1 - Improper Authorization to Authenticated (Contributor+) Arbitrary Options DisclosureEPSS 0.3%CVE-2025-9836MEDIUMmacrozheng mall paySuccess authorizationEPSS 0.3%CVE-2024-20943MEDIUMVulnerability in the Oracle Knowledge Management product of Oracle E-Business Suite (component: Internal Operations). Supported versions thEPSS 0.3%CVE-2025-65966HIGHOneUptime Unauthorized User Creation via APIEPSS 0.3%CVE-2021-36276HIGHDell DBUtilDrv2.sys driver (versions 2.5 and 2.6) contains an insufficient access control vulnerability which may lead to escalation of privEPSS 0.3%CVE-2025-10422MEDIUMnewbee-mall Order Status paySuccess improper authorizationEPSS 0.3%CVE-2025-14348MEDIUMweMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information DisclosureEPSS 0.3%CVE-2020-7583—A vulnerability has been identified in Automation License Manager 5 (All versions), Automation License Manager 6 (All versions < V6.0.8). ThEPSS 0.3%CVE-2025-6088MEDIUMImproper Authorization in danny-avila/librechatEPSS 0.3%CVE-2026-1710MEDIUMWooPayments <= 10.5.1 - Missing Authorization to Unauthenticated Plugin Settings Update via save_upe_appearance_ajaxEPSS 0.3%CVE-2023-5948HIGHImproper Authorization in teamamaze/amazefileutilitiesEPSS 0.3%CVE-2025-13116MEDIUMmacrozheng mall-swarm/mall cancelUserOrder improper authorizationEPSS 0.3%CVE-2026-25999HIGHKlaw has an improper authorisation check on /resetMemoryCacheEPSS 0.3%