Weaknesses of type CWE-863

2,101 results
CVE-2025-66360 [MEDIUM] An issue was discovered in Logpoint before 7.7.0. An improperly configured access control policy exposes sensitive Logpoint internal service (EPSS 0.3%)
CVE-2026-6739 [MEDIUM] Mattermost: Delegated admins could patch protected default system roles (EPSS 0.3%)
CVE-2026-48152 [HIGH] Budibase: Basic app users can exfiltrate stored REST datasource auth by rewriting datasource base URL (EPSS 0.3%)
CVE-2026-33326 [MEDIUM] @keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany (EPSS 0.3%)
CVE-2026-28513 [HIGH] Pocket ID: OIDC authorization code validation uses AND instead of OR, allowing cross-client token exchange (EPSS 0.3%)
CVE-2025-2527 [MEDIUM] Improper access control to group information (EPSS 0.3%)
CVE-2025-13480 [MEDIUM] Incorrect authorization in Fudo Enterprise (EPSS 0.3%)
CVE-2026-3526 [MEDIUM] File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021 (EPSS 0.3%)
CVE-2026-43504 [MEDIUM] An issue was discovered in Prosody before 0.12.6 and 1.0.0 through 13.0.0 before 13.0.5, when mod_proxy65 is enabled. Because mod_proxy65 mi (EPSS 0.3%)
CVE-2025-59111 [MEDIUM] Broken Access Control in Windu CMS (EPSS 0.3%)
CVE-2026-39966 [MEDIUM] TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and leaking cross-workspace bot definitions (EPSS 0.3%)
CVE-2024-47172 [MEDIUM] Computer Vision Annotation Tool (CVAT) access control is broken in several PATCH endpoints (EPSS 0.3%)
CVE-2025-62730 [HIGH] Privilege Escalation via Incorrect Authorization in SOPlanning (EPSS 0.3%)
CVE-2026-22170 [MEDIUM] OpenClaw < 2026.2.22 BlueBubbles - Access Control Bypass via Empty allowFrom Configuration (EPSS 0.3%)
CVE-2026-24742 [MEDIUM] Discourse staff action logs expose sensitive information to moderators (EPSS 0.3%)
CVE-2026-41371 [HIGH] OpenClaw < 2026.3.28 - Privilege Escalation via chat.send Reset Command (EPSS 0.3%)
CVE-2026-33527 [MEDIUM] Parse Server: Session update endpoint allows overwriting server-generated session fields (EPSS 0.3%)
CVE-2026-21285 [MEDIUM] Adobe Commerce | Incorrect Authorization (CWE-863) (EPSS 0.3%)
CVE-2026-23925 [MEDIUM] Unauthorized host creation via configuration.import API by low-privilege user with write permissions (EPSS 0.3%)
CVE-2025-6981 [MEDIUM] Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized read-only access (EPSS 0.3%)