Weaknesses of type CWE-863
2,101 results

CVE-2026-49299 | MEDIUM | In OpenStack Neutron before 28.0.1, the tagging controller enforces plural policy action names on single-tag write operations while the defi | EPSS 0.3%
CVE-2025-3396 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.3%
CVE-2022-37326 | HIGH | Docker Desktop for Windows before 4.6.0 allows attackers to delete (or create) any file through the dockerBackendV2 windowscontainers/start | EPSS 0.3%
CVE-2026-32006 | LOW | OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist | EPSS 0.3%
CVE-2025-52487 | HIGH | DNN.PLATFORM possibly allows bypass of IP Filters | EPSS 0.3%
CVE-2026-53721 | HIGH | Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher | EPSS 0.3%
CVE-2026-57950 | HIGH | ruoyi-vue-pro - Incorrect Permission Namespace in ErpSaleOrderController | EPSS 0.3%
CVE-2024-47780 | LOW | Information Disclosure in TYPO3 Page Tree | EPSS 0.3%
CVE-2026-41888 | MEDIUM | Distribution: Tag deletion bypasses `storage.delete.enabled` configuration | EPSS 0.3%
CVE-2025-48042 | HIGH | Before action hooks may execute in certain scenarios despite a request being forbidden | EPSS 0.3%
CVE-2026-27802 | HIGH | Vaultwarden: Privilege Escalation via Bulk Permission Update to Unauthorized Collections by Manager | EPSS 0.3%
CVE-2026-26308 | HIGH | Envoy has an RBAC Header Validation Bypass via Multi-Value Header Concatenation | EPSS 0.3%
CVE-2026-45226 | HIGH | Heym < 0.0.21 Authorization Bypass in Workflow Execution | EPSS 0.3%
CVE-2024-13290 | MEDIUM | OhDear Integration - Moderately critical - Access bypass - SA-CONTRIB-2024-056 | EPSS 0.3%
CVE-2025-8068 | MEDIUM | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Improper Authorization to Authenticated (Contributor+) Limited Administrator Actions | EPSS 0.3%
CVE-2023-38486 | HIGH | Hardware Root of Trust Bypass in 9200 and 9000 Series Controllers and Gateways | EPSS 0.3%
CVE-2025-59451 | LOW | The YoSmart YoLink application through 2025-10-02 has session tokens with unexpectedly long lifetimes. | EPSS 0.3%
CVE-2024-13302 | MEDIUM | Pages Restriction Access - Critical - Access bypass - SA-CONTRIB-2024-068 | EPSS 0.3%
CVE-2025-24400 | MEDIUM | Jenkins Eiffel Broadcaster Plugin 2.8.0 through 2.10.2 (both inclusive) uses the credential ID as the cache key during signing operations, a | EPSS 0.3%
CVE-2025-21533 | MEDIUM | Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization (component: Core). Supported versions that are affected are Prio | EPSS 0.3%