Weaknesses of type CWE-863
2,098 results

CVE-2025-54246 [MEDIUM, EPSS 0.4%] Adobe Experience Manager | Incorrect Authorization (CWE-863)
CVE-2026-33577 [HIGH, EPSS 0.4%] OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve
CVE-2023-42553 [MEDIUM, EPSS 0.4%] Improper authorization verification vulnerability in Samsung Email prior to version 6.1.90.4 allows attackers to read sandbox data of email.
CVE-2025-4646 [HIGH, EPSS 0.4%] A high privilege user is able to create and use a valid admin API token in centreon-web
CVE-2022-39302 [MEDIUM, EPSS 0.4%] Ree6 may bypass webhook protection
CVE-2023-29752 [HIGH, EPSS 0.4%] An issue found in Facemoji Emoji Keyboard v.2.9.1.2 for Android allows unauthorized apps to cause escalation of privilege attacks by manipul
CVE-2026-33330 [HIGH, EPSS 0.4%] FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback
CVE-2024-48925 [NONE, EPSS 0.4%] Umbraco CMS Improper Access Control Vulnerability Allows Low-Privilege Users to Access Webhook API
CVE-2026-46519 [HIGH, EPSS 0.4%] mcp-server-kubernetes Affected By Tool Access Control Bypass: Presentation-Layer Filtering Without Execution-Layer Enforcement
CVE-2025-29757 [CRITICAL, EPSS 0.4%] An incorrect authorisation check in the 'plant transfer' function of the Growatt cloud service allowed a malicious attacker with a valid
CVE-2025-0580 [MEDIUM, EPSS 0.4%] Shiprocket Module REST API Module rest_api authorization
CVE-2026-34953 [CRITICAL, EPSS 0.4%] PraisonAI: Authentication Bypass in OAuthManager.validate_token()
CVE-2023-24047 [HIGH, EPSS 0.4%] An Insecure Credential Management issue discovered in Connectize AC21000 G6 641.139.1.1256 allows attackers to gain escalated privileges via
CVE-2023-31226 [HIGH, EPSS 0.4%] The SDK for the MediaPlaybackController module has improper permission verification. Successful exploitation of this vulnerability may affec
CVE-2022-2155 [MEDIUM, EPSS 0.4%] A vulnerability exists in the Lumada APM’s User Asset Group feature due to a flaw in access control mechanism implementation on the “Limited Engineer” role.
CVE-2026-40914 [MEDIUM, EPSS 0.4%] Apache Artemis Stomp Protocol, Apache ActiveMQ Artemis Stomp Protocol: Address routing-type can be updated by STOMP protocol user without the createAddress permission
CVE-2025-36546 [CRITICAL, EPSS 0.4%] F5OS Appliance Mode vulnerability
CVE-2024-47160 [MEDIUM, EPSS 0.4%] In JetBrains YouTrack before 2024.3.44799 access to global app config data without appropriate permissions was possible
CVE-2026-43948 [CRITICAL, EPSS 0.4%] wger: cross-tenant password reset and plaintext disclosure via gym=None bypass
CVE-2025-21554 [MEDIUM, EPSS 0.4%] Vulnerability in the Oracle Communications Order and Service Management product of Oracle Communications Applications (component: Security).