Weaknesses of type CWE-863

2,102 results
CVE-2026-45831 | HIGH | The SimpleRBACAuthorizationProvider authorization provider in versions 0.5.0 or later of the ChromaDB Python project evaluates whether a use | EPSS 0.2%
CVE-2025-54596 | MEDIUM | Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts. | EPSS 0.2%
CVE-2024-54010 | LOW | Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches | EPSS 0.2%
CVE-2024-55592 | LOW | An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 | EPSS 0.2%
CVE-2024-23250 | MEDIUM | An access issue was addressed with improved access restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17 | EPSS 0.2%
CVE-2026-42438 | MEDIUM | OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads | EPSS 0.2%
CVE-2026-6863 | MEDIUM | HTTP Filestore Endpoints Misapply Permissions Across Organizations | EPSS 0.2%
CVE-2023-30840 | MEDIUM | On a compromised node, the fluid-csi service account can be used to modify node specs | EPSS 0.2%
CVE-2026-3553 | LOW | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2020-35501 | A flaw was found in the Linux kernels implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the | EPSS 0.2%
CVE-2025-14352 | MEDIUM | Awesome Hotel Booking <= 1.0.3 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification | EPSS 0.2%
CVE-2025-24869 | MEDIUM | Information Disclosure vulnerability in SAP NetWeaver Application Server Java | EPSS 0.2%
CVE-2026-1497 | LOW | Incorrect privilege assignment in composite databases | EPSS 0.2%
CVE-2024-57969 | MEDIUM | app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search. | EPSS 0.2%
CVE-2026-48089 | HIGH | DevGuard has improper authorization on public assets | EPSS 0.2%
CVE-2025-3880 | MEDIUM | Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.9.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update | EPSS 0.2%
CVE-2026-1999 | HIGH | Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests | EPSS 0.2%
CVE-2025-43806 | MEDIUM | Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 G | EPSS 0.2%
CVE-2023-34146 | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacke | EPSS 0.2%
CVE-2023-34148 | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacke | EPSS 0.2%