Weaknesses of type CWE-285
1,301 results

CVE-2026-49278 | MEDIUM | Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation | EPSS 0.2%
CVE-2026-33125 | HIGH | Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts | EPSS 0.2%
CVE-2026-27912 | HIGH | Windows Kerberos Elevation of Privilege Vulnerability | EPSS 0.2%
CVE-2026-1892 | LOW | WeKan REST API boards.js setBoardOrgs improper authorization | EPSS 0.2%
CVE-2025-11080 | MEDIUM | zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization | EPSS 0.2%
CVE-2026-42875 | MEDIUM | External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore | EPSS 0.2%
CVE-2026-24890 | HIGH | OpenEMR Portal Users Can Forge Provider Signatures | EPSS 0.2%
CVE-2026-34738 | MEDIUM | AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter | EPSS 0.2%
CVE-2025-50073 | MEDIUM | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are aff | EPSS 0.2%
CVE-2026-21724 | MEDIUM | Missing Protected-field Authorization in Provisioning Contact Points API | EPSS 0.2%
CVE-2025-15119 | LOW | JeecgBoot list queryPageList improper authorization | EPSS 0.2%
CVE-2017-20238 | HIGH | Hirschmann Industrial HiVision Improper Authorization Privilege Escalation | EPSS 0.2%
CVE-2025-6525 | MEDIUM | 70mai 1S Configuration Config.cgi improper authorization | EPSS 0.2%
CVE-2025-12304 | MEDIUM | dulaiduwang003 TIME-SEA-PLUS Order Status PayController.java alipayIsSucceed improper authorization | EPSS 0.2%
CVE-2026-1894 | MEDIUM | WeKan REST API checklistItems.js Checklist REST Bleed improper authorization | EPSS 0.2%
CVE-2025-12720 | MEDIUM | g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion | EPSS 0.2%
CVE-2025-67715 | MEDIUM | Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) | EPSS 0.2%
CVE-2026-7145 | MEDIUM | mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization | EPSS 0.2%
CVE-2026-48089 | HIGH | DevGuard has improper authorization on public assets | EPSS 0.2%
CVE-2026-30847 | CRITICAL | Wekan Credential Leak via notificationUsers Publication Exposes Password Hashes and Session Tokens | EPSS 0.2%