Weaknesses of type CWE-285

1,302 results
CVE-2025-22176 | MEDIUM | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen | EPSS 0.2%
CVE-2025-22177 | MEDIUM | Jira Align is vulnerable to an authorization issue. A low-privilege user can access unexpected endpoints that disclose a small amount of sen | EPSS 0.2%
CVE-2026-6938 | MEDIUM | IBM® Db2® is vulnerable to authorization bypass when uploading to a remote object storage path with a special query | EPSS 0.2%
CVE-2025-2850 | MEDIUM | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization | EPSS 0.2%
CVE-2026-40305 | MEDIUM | DNN has Force Friend Request Acceptance | EPSS 0.2%
CVE-2025-32964 | MEDIUM | ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions | EPSS 0.2%
CVE-2026-56310 | MEDIUM | Cap-go - Authorization Bypass in Organization Members Endpoint via API Key Scope Bypass | EPSS 0.2%
CVE-2026-31869 | MEDIUM | Discourse: Composer mentions endpoint leaks hidden group membership through PM `allowed_names` check | EPSS 0.2%
CVE-2022-34434 | MEDIUM | Cloud Mobility for Dell Storage versions 1.3.0 and earlier contains an Improper Access Control vulnerability within the Postgres database. A | EPSS 0.2%
CVE-2026-28881 | MEDIUM | A privacy issue was addressed by moving sensitive data. This issue is fixed in macOS Tahoe 26.4. An app may be able to access sensitive user | EPSS 0.2%
CVE-2025-22171 | MEDIUM | Jira Align is vulnerable to an authorization issue. A low-privilege user is able to alter the private checklists of other users. | EPSS 0.2%
CVE-2023-21440 | MEDIUM | Improper access control vulnerability in WindowManagerService prior to SMR Feb-2023 Release 1 allows attackers to take a screen capture. | EPSS 0.2%
CVE-2026-56231 | HIGH | Capgo - Broken Object Level Authorization in Build Job Control via jobId Parameter | EPSS 0.2%
CVE-2025-66291 | MEDIUM | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments | EPSS 0.2%
CVE-2025-43403 | MEDIUM | An authorization issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS | EPSS 0.2%
CVE-2026-39347 | MEDIUM | OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion | EPSS 0.2%
CVE-2026-33074 | MEDIUM | Discourse: Vulnerability in discourse-subscriptions plugin allowing users to self-grant to higher tier subscriptions | EPSS 0.2%
CVE-2025-10736 | MEDIUM | ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.10 - Incorrect Authorization to Unauthenticated Information Exposure and Data Manipulation | EPSS 0.2%
CVE-2023-42973 | MEDIUM | Private Browsing tabs may be accessed without authentication. This issue is fixed in iOS 17 and iPadOS 17. The issue was addressed with impr | EPSS 0.2%
CVE-2023-28385 | HIGH | Improper authorization in the Intel(R) NUC Pro Software Suite for Windows before version 2.0.0.9 may allow a privileged user to potentially | EPSS 0.2%