Weaknesses of type CWE-285
1,301 results

CVE-2025-14088 [MEDIUM] ketr JEPaaS load improper authorization [EPSS 0.2%]
CVE-2026-7093 [MEDIUM] code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization [EPSS 0.2%]
CVE-2026-42202 [MEDIUM] nova-toggle-5: Improper authorization on toggle endpoint allowed non-Nova users to modify boolean fields [EPSS 0.2%]
CVE-2026-5283 [MEDIUM] Inappropriate implementation in ANGLE in Google Chrome prior to 146.0.7680.178 allowed a remote attacker to leak cross-origin data via a cra [EPSS 0.2%]
CVE-2026-13534 [LOW] CherryHQ cherry-studio CherryIN Preload API MemoryService.ts sha256 authorization [EPSS 0.2%]
CVE-2026-47673 [MEDIUM] Hono: JWT middleware accepts any Authorization scheme, not only Bearer [EPSS 0.2%]
CVE-2026-13591 [LOW] DeepMyst Mysti Contact Tracking ChannelBridge.ts _isTrackedConversation improper authorization [EPSS 0.2%]
CVE-2026-9409 [MEDIUM] Sushmi-pal Invoice-System User Management user improper authorization [EPSS 0.2%]
CVE-2026-9410 [MEDIUM] Sushmi-pal Invoice-System Profile Workflow profile improper authorization [EPSS 0.2%]
CVE-2026-54012 [HIGH] Open WebUI: Forged model meta.knowledge allows cross-user file read and deletion [EPSS 0.2%]
CVE-2023-28378 [MEDIUM] Improper authorization in some Intel(R) QAT drivers for Windows - HW Version 2.0 before version 2.0.4 may allow an authenticated user to pot [EPSS 0.2%]
CVE-2021-44204 [—] Local privilege escalation via named pipe due to improper access control checks [EPSS 0.2%]
CVE-2022-33705 [—] Information exposure in Calendar prior to version 12.3.05.10000 allows attacker to access calendar schedule without READ_CALENDAR permission [EPSS 0.2%]
CVE-2025-11815 [MEDIUM] UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update [EPSS 0.2%]
CVE-2025-59686 [MEDIUM] Kazaar 1.25.12 allows /api/v1/org-id/orders/order-id/documents calls with a modified order-id. [EPSS 0.2%]
CVE-2025-5175 [MEDIUM] erdogant pypickle pypickle.py save improper authorization [EPSS 0.2%]
CVE-2020-9081 [LOW] There is an improper authorization vulnerability in some Huawei smartphones. An attacker could perform a series of operation in specific mod [EPSS 0.2%]
CVE-2026-34321 [MEDIUM] Vulnerability in the Oracle Financial Services Analytical Applications Infrastructure product of Oracle Financial Services Applications (com [EPSS 0.2%]
CVE-2026-4548 [MEDIUM] mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization [EPSS 0.2%]
CVE-2021-36311 [MEDIUM] Dell EMC Networker versions prior to 19.5 contain an Improper Authorization vulnerability. Any local malicious user with networker user priv [EPSS 0.2%]