Weaknesses of type CWE-863
2,093 results

CVE-2023-3964 (MEDIUM, EPSS 0.5%): Incorrect Authorization in GitLab
CVE-2022-39388 (HIGH, EPSS 0.5%): Istio may allow identity impersonation if user has localhost access
CVE-2024-12196 (MEDIUM, EPSS 0.5%): Incorrect authorization in the permission component in Devolutions Server 2024.3.7.0 and earlier allows an authenticated user to view the pa
CVE-2022-23473 (MEDIUM, EPSS 0.5%): Tuleap MediaWiki standalone "readers" can also edit pages
CVE-2024-58260 (HIGH, EPSS 0.5%): Rancher update on users can deny the service to the admin
CVE-2026-33668 (HIGH, EPSS 0.5%): Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect
CVE-2023-50811 (MEDIUM, EPSS 0.5%): An issue discovered in SELESTA Visual Access Manager 4.38.6 allows attackers to modify the “computer” POST parameter related to the ID of a
CVE-2024-48176 (CRITICAL, EPSS 0.5%): Lylme Spage v1.9.5 is vulnerable to Incorrect Access Control. There is no limit on the number of login attempts, and the verification code w
CVE-2024-5705 (HIGH, EPSS 0.5%): Hitachi Vantara Pentaho Business Analytics Server - Incorrect Authorization
CVE-2018-25353 (HIGH, EPSS 0.5%): Redaxo CMS Mediapool Addon 5.5.1 Arbitrary File Upload
CVE-2026-30945 (HIGH, EPSS 0.5%): StudioCMS: IDOR — Arbitrary API Token Revocation Leading to Denial of Service
CVE-2024-47078 (HIGH, EPSS 0.5%): Meshtastic firmware Authentication/Authorization Bypass via MQTT
CVE-2025-54265 (MEDIUM, EPSS 0.5%): Adobe Commerce | Incorrect Authorization (CWE-863)
CVE-2026-54803 (CRITICAL, EPSS 0.4%): WordPress SMS Alert Order Notifications plugin <= 3.9.4 - Privilege Escalation vulnerability
CVE-2024-27915 (MEDIUM, EPSS 0.4%): Sulu grants access to pages regardless of role permissions
CVE-2024-53937 (HIGH, EPSS 0.4%): An issue was discovered on Victure RX1800 WiFi 6 Router (software EN_V1.0.0_r12_110933, hardware 1.0) devices. The TELNET service is enabled
CVE-2024-37775 (HIGH, EPSS 0.4%): Incorrect access control in Sunbird DCIM dcTrack v9.1.2 allows attackers to create or update a ticket with a location which bypasses an RBAC
CVE-2023-51649 (LOW, EPSS 0.4%): Nautobot missing object-level permissions enforcement when running Job Buttons
CVE-2026-25660 (CRITICAL, EPSS 0.4%): Authentication bypass for certain API calls
CVE-2024-48237 (CRITICAL, EPSS 0.4%): WTCMS 1.0 is vulnerable to Incorrect Access Control in \Common\Controller\HomebaseController.class.php.