Weaknesses of type CWE-285

1,301 results
CVE-2025-2397 | MEDIUM | China Mobile P22g-CIac Telnet Service improper authorization | EPSS 0.2%
CVE-2025-11510 | MEDIUM | FileBird <= 6.4.9 - Improper Authorization to Authenticated (Author+) Settings Reset | EPSS 0.2%
CVE-2024-50617 | HIGH | Vulnerabilities in the File Download and Get File handler components in CIPPlanner CIPAce before 9.17 allow attackers to download unauthoriz | EPSS 0.2%
CVE-2022-39873 | MEDIUM | Improper authorization vulnerability in Samsung Internet prior to version 18.0.4.14 allows physical attackers to add bookmarks in secret mod | EPSS 0.2%
CVE-2026-5781 | HIGH | Multiple vulnerabilities in MphRx's Minerva | EPSS 0.2%
CVE-2025-15087 | MEDIUM | youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization | EPSS 0.2%
CVE-2026-50201 | MEDIUM | Steeltoe's sensitive actuators (heapdump/env) only require Restricted permission | EPSS 0.2%
CVE-2023-21454 | LOW | Improper authorization in Samsung Keyboard prior to SMR Mar-2023 Release 1 allows physical attacker to access users text history on the lock | EPSS 0.2%
CVE-2023-28317 | MEDIUM | A vulnerability has been discovered in Rocket.Chat, where editing messages can change the original timestamp, causing the UI to display mess | EPSS 0.2%
CVE-2026-10284 | MEDIUM | DevaslanPHP project-management Livewire ViewTicket.php doDeleteComment improper authorization | EPSS 0.2%
CVE-2026-10285 | MEDIUM | DevaslanPHP project-management Ticket KanbanScrumHelper.php recordUpdated improper authorization | EPSS 0.2%
CVE-2024-40807 | MEDIUM | A logic issue was addressed with improved checks. This issue is fixed in macOS Monterey 12.7.6, macOS Sonoma 14.6, macOS Ventura 13.6.8. A s | EPSS 0.2%
CVE-2026-11533 | MEDIUM | imvks786 student_management_system Student Deletion Endpoint see.php improper authorization | EPSS 0.2%
CVE-2026-10218 | MEDIUM | nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization | EPSS 0.2%
CVE-2026-4248 | HIGH | Ultimate Member <= 2.11.2 - Authenticated (Contributor+) Sensitive Information Exposure to Account Takeover via Shortcode Template Tag | EPSS 0.2%
CVE-2025-12814 | MEDIUM | SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset | EPSS 0.2%
CVE-2023-32662 | MEDIUM | Improper authorization in some Intel Battery Life Diagnostic Tool installation software before version 2.2.1 may allow a privileged user to | EPSS 0.2%
CVE-2024-13724 | MEDIUM | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization | EPSS 0.2%
CVE-2024-32359 | MEDIUM | An RBAC authorization risk in Carina v0.13.0 and earlier allows local attackers to execute arbitrary code through designed commands to obtai | EPSS 0.2%
CVE-2026-10282 | MEDIUM | Bottelet DaybydayCRM DocumentsController.php view improper authorization | EPSS 0.2%