Weaknesses of type CWE-863
2,093 results

CVE-2024-39324 | LOW | aimeos/ai-admin-graphql improper access control vulnerability allows editors to manage own services | EPSS 0.4%
CVE-2023-5198 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.4%
CVE-2024-44136 | CRITICAL | This issue was addressed through improved state management. This issue is fixed in iOS 17.5 and iPadOS 17.5. An attacker with physical acces | EPSS 0.4%
CVE-2026-42296 | HIGH | Argo Workflows has incomplete fix for CVE-2026-31892: hostNetwork, securityContext, serviceAccountName bypass templateReferencing Strict/Secure | EPSS 0.4%
CVE-2026-32761 | MEDIUM | File Browser has an Authorization Policy Bypass in its Public Share Download Flow | EPSS 0.4%
CVE-2025-21568 | MEDIUM | Vulnerability in the Oracle Hyperion Data Relationship Management product of Oracle Hyperion (component: Access and Security). The support | EPSS 0.4%
CVE-2026-27112 | CRITICAL | Kargo has an Authorization Bypass Vulnerability in Batch Resource Creation API Endpoints | EPSS 0.4%
CVE-2022-25274 | MEDIUM | Drupal 9.3 implemented a generic entity access API for entity revisions. However, this API was not completely integrated with existing permi | EPSS 0.4%
CVE-2025-7974 | LOW | rocket.chat Incorrect Authorization Information Disclosure Vulnerability | EPSS 0.4%
CVE-2024-21277 | HIGH | Vulnerability in the Oracle MES for Process Manufacturing product of Oracle E-Business Suite (component: Device Integration). Supported ver | EPSS 0.4%
CVE-2024-1482 | HIGH | Improper Authorization in GitHub Enterprise Server allowed unauthorized workflow execution | EPSS 0.4%
CVE-2024-21275 | HIGH | Vulnerability in the Oracle Quoting product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected ar | EPSS 0.4%
CVE-2023-4107 | MEDIUM | Incorrect authorization allows a user manager to update a system admin | EPSS 0.4%
CVE-2022-39352 | MEDIUM | OpenFGA Authorization Bypass | EPSS 0.4%
CVE-2023-49246 | HIGH | Unauthorized access vulnerability in the card management module. Successful exploitation of this vulnerability may affect service confidenti | EPSS 0.4%
CVE-2026-28466 | CRITICAL | OpenClaw < 2026.2.14 - Remote Code Execution via Node Invoke Approval Bypass | EPSS 0.4%
CVE-2022-38475 | MEDIUM | An attacker could have written a value to the first element in a zero-length JavaScript array. Although the array was zero-length, the value | EPSS 0.4%
CVE-2024-57678 | MEDIUM | An access control issue in the component form2WlAc.cgi of D-Link 816A2_FWv1.10CNB05_R1B011D88210 allows unauthenticated attackers to set the | EPSS 0.4%
CVE-2023-30544 | LOW | Kiwi TCMS may allow user to update email address to unverified one | EPSS 0.4%
CVE-2020-36969 | HIGH | M/Monit 3.7.4 - Privilege Escalation | EPSS 0.4%