Weaknesses of type CWE-863

2,092 results
CVE-2021-3658 [MEDIUM] bluetoothd from bluez incorrectly saves adapters' Discoverable status when a device is powered down, and restores it when powered up. If a d (EPSS 0.8%)
CVE-2024-24773 [MEDIUM] Apache Superset: Improper validation of SQL statements allows for unauthorized access to data (EPSS 0.8%)
CVE-2023-27525 [LOW] Apache Superset: Incorrect default permissions for Gamma role (EPSS 0.8%)
CVE-2021-21286 [HIGH] Authorization Bypass in AVideo Platform (EPSS 0.8%)
CVE-2025-24221 [HIGH] This issue was addressed with improved data access restriction. This issue is fixed in iOS 18.4 and iPadOS 18.4, iPadOS 17.7.6, visionOS 2.4 (EPSS 0.8%)
CVE-2023-27578 [CRITICAL] Galaxy vulnerable to unauthorized modification of pages/visualizations due to insufficient permission check (EPSS 0.8%)
CVE-2022-21701 [MEDIUM] Privileged Escalation in Istio (EPSS 0.8%)
CVE-2024-29892 [MEDIUM] ZITADEL's actions can overload reserved claims (EPSS 0.8%)
CVE-2024-36611 [HIGH] In Symfony v7.07, a security vulnerability was identified in the FormLoginAuthenticator component, where it failed to adequately handle case (EPSS 0.8%)
CVE-2023-35908 Apache Airflow: Access to DAGs without relevant permission (EPSS 0.8%)
CVE-2024-37905 [HIGH] Improper Access Control and Incorrect Authorization in github.com/goauthentik/authentik (EPSS 0.8%)
CVE-2020-28397 A vulnerability has been identified in SIMATIC Drive Controller family (All versions < V2.9.2), SIMATIC ET 200SP Open Controller CPU 1515SP (EPSS 0.8%)
CVE-2021-39119 [MEDIUM] Affected versions of Atlassian Jira Server and Data Center allow users who have watched an issue to continue receiving updates on the issue (EPSS 0.8%)
CVE-2024-55662 [CRITICAL] XWiki allows remote code execution through the extension sheet (EPSS 0.7%)
CVE-2023-40309 [CRITICAL] Missing Authorization check in SAP CommonCryptoLib (EPSS 0.7%)
CVE-2023-38209 [MEDIUM] Adobe Commerce Incorrect Authorization Security feature bypass (EPSS 0.7%)
CVE-2024-45132 [MEDIUM] Adobe Commerce | Incorrect Authorization (CWE-863) (EPSS 0.7%)
CVE-2024-22208 [MEDIUM] phpMyFAQ sharing FAQ functionality can easily be abused for phishing purposes (EPSS 0.7%)
CVE-2023-32672 [MEDIUM] Apache Superset: SQL parser edge case bypasses data access authorization (EPSS 0.7%)
CVE-2023-47320 [HIGH] Silverpeas Core 6.3.1 is vulnerable to Incorrect Access Control. An attacker with low privileges is able to execute the administrator-only f (EPSS 0.7%)