Weaknesses of type CWE-863
2,100 results

CVE-2020-15248 | MEDIUM | Privilege escalation by backend users assigned to the default "Publisher" system role | EPSS 0.3%
CVE-2026-45339 | MEDIUM | Open WebUI: API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints | EPSS 0.3%
CVE-2026-32924 | MEDIUM | OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu | EPSS 0.3%
CVE-2025-6168 | LOW | Incorrect Authorization in GitLab | EPSS 0.3%
CVE-2026-33132 | MEDIUM | ZITADEL is missing enforcement of organization scopes | EPSS 0.3%
CVE-2026-28873 | HIGH | This issue was addressed with additional entitlement checks. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.4 and iPadOS 26.4. | EPSS 0.3%
CVE-2026-24851 | MEDIUM | OpenFGA Improper Policy Enforcement | EPSS 0.3%
CVE-2025-66719 | CRITICAL | An issue was discovered in Free5gc NRF 1.4.0. In the access-token generation logic of free5GC, the AccessTokenScopeCheck() function in file | EPSS 0.3%
CVE-2025-41030 | MEDIUM | Multiple vulnerabilities in Deporsite by T-INNOVA | EPSS 0.3%
CVE-2025-41031 | MEDIUM | Multiple vulnerabilities in Deporsite by T-INNOVA | EPSS 0.3%
CVE-2025-3476 | CRITICAL | Incorrect Authorization vulnerability in OpenText™ Operations Bridge Manager. The vulnerability could allow privilege escalation by authent | EPSS 0.3%
CVE-2026-27899 | HIGH | WireGuard Portal Vulnerable to Privilege Escalation to Admin via User Self-Update | EPSS 0.3%
CVE-2025-3453 | MEDIUM | Password Protected – Password Protect your WordPress Site, Pages, & WooCommerce Products <= 2.7.7 - Unauthenticated Sensitive Information Exposure | EPSS 0.3%
CVE-2024-32643 | HIGH | Masa CMS vulnerable to authentication bypass with /tag/ | EPSS 0.3%
CVE-2026-26336 | HIGH | Hyland Alfresco Improper Authorization Arbitrary File Read | EPSS 0.3%
CVE-2025-10545 | LOW | Guest user can add unauthorized team users to private channels | EPSS 0.3%
CVE-2023-52361 | HIGH | The VerifiedBoot module has a vulnerability that may cause authentication errors. Successful exploitation of this vulnerability may affect in | EPSS 0.3%
CVE-2026-27936 | MEDIUM | Discourse discloses restricted post-action counts to non-privileged users | EPSS 0.3%
CVE-2026-33470 | MEDIUM | Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp | EPSS 0.3%
CVE-2023-47142 | HIGH | IBM Tivoli Application Dependency Discovery Manager privilege escalation | EPSS 0.3%