Weaknesses of type CWE-285
1,301 results

CVE-2026-12673  MEDIUM  Liquidfiles versions before 4.2.12 are affected by a broken access control vulnerability resulting in privilege escalation from an Admin in  EPSS 0.3%
CVE-2025-9151   MEDIUM  LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization  EPSS 0.3%
CVE-2026-10215  MEDIUM  Dolibarr ERP CRM Leave Request REST API api_holidays.class.php checkUserAccessToObject improper authorization  EPSS 0.3%
CVE-2025-15085  MEDIUM  youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization  EPSS 0.3%
CVE-2025-11227  MEDIUM  GiveWP – Donation Plugin and Fundraising Platform <= 4.10.0 - Missing Authorization to Unauthenticated Forms and Campaigns Disclosure  EPSS 0.3%
CVE-2026-47740  HIGH    Shopper: Authorization bypass in multiple Livewire admin components  EPSS 0.3%
CVE-2026-7292   MEDIUM  o2oa NodeAgent NodeAgent.java syncFile improper authorization  EPSS 0.3%
CVE-2025-31249  HIGH    A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5. An app may be able to access sensitive user dat  EPSS 0.3%
CVE-2025-59305  HIGH    Improper authorization in the background migration endpoints of Langfuse 3.1 before d67b317 allows any authenticated user to invoke migratio  EPSS 0.3%
CVE-2025-64751  MEDIUM  OpenFGA Improper Policy Enforcement  EPSS 0.3%
CVE-2025-10014  LOW     elunez eladmin Email Address updateEmail updateUserEmail improper authorization  EPSS 0.3%
CVE-2025-64065  HIGH    The Primakon Pi Portal 1.0.18 API /api/V2/pp_udfv_admin endpoint, fails to perform necessary server-side validation. The administrative Logi  EPSS 0.3%
CVE-2025-64062  HIGH    The Primakon Pi Portal 1.0.18 /api/V2/pp_users?email endpoint is used for user data filtering but lacks proper server-side validation agains  EPSS 0.3%
CVE-2026-7502   MEDIUM  LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization  EPSS 0.3%
CVE-2026-3737   MEDIUM  SourceCodester Pet Grooming Management Software User Creation add_user.php improper authorization  EPSS 0.3%
CVE-2026-3738   MEDIUM  SourceCodester Pet Grooming Management Software Financial Report improper authorization  EPSS 0.3%
CVE-2026-49397  MEDIUM  Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data  EPSS 0.3%
CVE-2023-3899   HIGH    Subscription-manager: inadequate authorization of com.redhat.rhsm1 d-bus interface allows local users to modify configuration  EPSS 0.3%
CVE-2024-23806  MEDIUM  HID Global Reader Configuration Cards Improper Authorization  EPSS 0.3%
CVE-2026-2860   MEDIUM  feng_ha_ha/megagao ssm-erp/production_ssm EmployeeController.java improper authorization  EPSS 0.3%