Weaknesses of type CWE-863

2,089 results
CVE-2023-27107 (HIGH): Incorrect access control in the runReport function of MyQ Solution Print Server before 8.2 Patch 32 and Central Server before 8.2 Patch 22 a | EPSS 0.8%
CVE-2025-27645 (CRITICAL): Vasion Print (formerly PrinterLogic) before Virtual Appliance Host 22.0.933 Application 20.0.2368 allows Insecure Extension Installation by | EPSS 0.8%
CVE-2021-41230 (MEDIUM): OIDC claims not updated from Identity Provider in Pomerium | EPSS 0.8%
CVE-2021-24279: Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Plugin Installation | EPSS 0.8%
CVE-2021-24742: Logo Slider and Showcase < 1.3.37 - Editor Plugin's Settings Update | EPSS 0.8%
CVE-2023-5356 (HIGH): Incorrect Authorization in GitLab | EPSS 0.8%
CVE-2025-21519 (MEDIUM): Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Privileges). Supported versions that are affected a | EPSS 0.8%
CVE-2021-24770: Stylish Price List < 6.9.1 - Subscriber+ Arbitrary Image Upload | EPSS 0.8%
CVE-2022-0866: This is a concurrency issue that can result in the wrong caller principal being returned from the session context of an EJB that is configur | EPSS 0.8%
CVE-2019-6838: A CWE-863: Incorrect Authorization vulnerability exists in U.motion Server (MEG6501-0001 - U.motion KNX server, MEG6501-0002 - U.motion KNX | EPSS 0.8%
CVE-2022-45956 (MEDIUM): Boa Web Server versions 0.94.13 through 0.94.14 fail to validate the correct security constraint on the HEAD HTTP method allowing everyone t | EPSS 0.8%
CVE-2021-41241 (MEDIUM): Advanced permissions is not respected for subfolders in Nextcloud server | EPSS 0.8%
CVE-2024-24573 (HIGH): facileManager Privilege Escalation via Mass Assignment | EPSS 0.8%
CVE-2023-28634 (HIGH): GLPI vulnerable to Privilege Escalation from Technician to Super-Admin | EPSS 0.8%
CVE-2022-46792 (HIGH): Hasura GraphQL Engine before 2.15.2 mishandles row-level authorization in the Update Many API for Postgres backends. The fixed versions are | EPSS 0.8%
CVE-2025-48044 (HIGH): Authorization bypass when bypass policy condition evaluates to true | EPSS 0.8%
CVE-2022-36109 (MEDIUM): Moby vulnerability relating to supplementary group permissions | EPSS 0.8%
CVE-2021-29437 (HIGH): Account compromise by man-in-the-middle attack | EPSS 0.8%
CVE-2022-4315 (MEDIUM): An issue has been discovered in GitLab DAST analyzer affecting all versions starting from 2.0 before 3.0.55, which sends custom request head | EPSS 0.8%
CVE-2023-23299: The permission system implemented and enforced by the GarminOS TVM component in CIQ API version 1.0.0 through 4.1.7 can be bypassed entirely | EPSS 0.8%