Weaknesses of type CWE-285
1,301 results

CVE-2026-4548 [MEDIUM] mickasmt next-saas-stripe-starter update-user-role.ts updateUserrole improper authorization (EPSS 0.2%)
CVE-2022-30717 [MEDIUM] Improper caller check in AR Emoji prior to SMR Jun-2022 Release 1 allows untrusted applications to use some camera functions via deeplink. (EPSS 0.2%)
CVE-2026-41572 [MEDIUM] Note Mark: Unauthenticated read of notes and assets in soft-deleted public books (EPSS 0.2%)
CVE-2025-9294 [MEDIUM] Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion (EPSS 0.2%)
CVE-2026-45620 [MEDIUM] AVideo CVE-2026-43881 incomplete fix - `objects/mention.json.php:17` is an unauthenticated user enumeration (EPSS 0.2%)
CVE-2026-45365 [MEDIUM] Open WebUI: Authenticated users can bypass model access control via exposed query parameter (EPSS 0.2%)
CVE-2022-36838 [MEDIUM] Implicit Intent hijacking vulnerability in Galaxy Wearable prior to version 2.2.50 allows attacker to get sensitive information. (EPSS 0.2%)
CVE-2025-46289 [MEDIUM] A logic issue was addressed with improved file handling. This issue is fixed in macOS Sequoia 15.7.3, macOS Sonoma 14.8.3, macOS Tahoe 26.2. (EPSS 0.2%)
CVE-2024-36438 [HIGH] eLinkSmart Hidden Smart Cabinet Lock 2024-05-22 has Incorrect Access Control and fails to perform an authorization check which can lead to c (EPSS 0.2%)
CVE-2026-2294 [MEDIUM] UiPress lite | Effortless custom dashboards, admin themes and pages <= 3.5.09 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update (EPSS 0.2%)
CVE-2025-12505 [MEDIUM] weDocs <= 2.1.14 - Missing Authorization to Settings Update (EPSS 0.2%)
CVE-2022-36837 [MEDIUM] Intent redirection vulnerability using implicit intent in Samsung email prior to version 6.1.70.20 allows attacker to get sensitive informat (EPSS 0.2%)
CVE-2026-4818 [MEDIUM] Some management operations on data streams are not properly restricted when user does not have the necessary privileges (EPSS 0.2%)
CVE-2025-22170 [MEDIUM] Jira Align is vulnerable to an authorization issue. A low-privilege user without sufficient privileges to perform an action could if they in (EPSS 0.2%)
CVE-2025-22176 [MEDIUM] Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen (EPSS 0.2%)
CVE-2025-22173 [MEDIUM] Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen (EPSS 0.2%)
CVE-2025-22168 [MEDIUM] Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen (EPSS 0.2%)
CVE-2026-2209 [MEDIUM] WeKan Custom Translation translationBody.js setCreateTranslation improper authorization (EPSS 0.2%)
CVE-2025-22172 [MEDIUM] Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen (EPSS 0.2%)
CVE-2025-22177 [MEDIUM] Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen (EPSS 0.2%)