Weaknesses of type CWE-863

2,110 results
CVE | Severity | Description | EPSS
CVE-2024-2378 | HIGH | A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on affected in | 0.2%
CVE-2026-31805 | MEDIUM | Discourse has a poll authorization bypass via post_id array parameter | 0.2%
CVE-2026-54320 | HIGH | Daytona: Cross-tenant organization takeover via invitation acceptance with an unverified email | 0.2%
CVE-2025-46744 | LOW | Improper Privilege Management | 0.2%
CVE-2026-47195 | HIGH | Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands. | 0.2%
CVE-2025-40669 | HIGH | Incorrect Authorization vulnerability in TCMAN GIM | 0.2%
CVE-2025-69414 | HIGH | Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access | 0.2%
CVE-2026-40155 | MEDIUM | Auth0 Next.js SDK has Improper Proxy Cache Lookup | 0.2%
CVE-2026-31838 | MEDIUM | Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access. | 0.2%
CVE-2026-39331 | HIGH | ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families | 0.2%
CVE-2026-9791 | MEDIUM | Keycloak-rhel9: organization data leak after feature disabled in keycloak | 0.2%
CVE-2026-33015 | MEDIUM | EVerest has RemoteStop Bypass via BCB Toggle Session Restart | 0.2%
CVE-2024-9136 | MEDIUM | Access permission verification vulnerability in the App Multiplier module Impact: Successful exploitation of this vulnerability may affect s | 0.2%
CVE-2026-41427 | HIGH | Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients | 0.2%
CVE-2026-31801 | HIGH | zot create-only policy allows overwrite attempts of existing latest tag (update permission not required) | 0.2%
CVE-2025-54533 | MEDIUM | In JetBrains TeamCity before 2025.07 improper access control allowed disclosure of build settings via VCS configuration | 0.2%
CVE-2026-42280 | HIGH | Improper Permission Checking in Auth.js SDK | 0.2%
CVE-2026-35482 | HIGH | alf.io has an Authenticated RCE via Extension Script Sandbox Escape | 0.2%
CVE-2026-46823 | HIGH | Vulnerability in the Oracle Public Sector Financials (International) product of Oracle E-Business Suite (component: Authorization). Support | 0.2%
CVE-2026-54518 | MEDIUM | jackson-databind: @JsonView bypass for unwrapped creator parameters in jackson-databind | 0.2%