Weaknesses of type CWE-863

2,111 results
CVE-2025-3446 | MEDIUM | Members Without Guest Invite Permissions Can Add Guests to Teams | EPSS 0.2%
CVE-2025-68422 | MEDIUM | Kibana Improper Authorization | EPSS 0.2%
CVE-2025-43789 | LOW | JSON Web Services in Liferay Portal 7.4.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.9, 7.4 GA through update 92 published | EPSS 0.2%
CVE-2026-49369 | MEDIUM | In JetBrains YouTrack before 2026.1.13162 information disclosure was possible on Users and Groups pages | EPSS 0.2%
CVE-2026-10860 | HIGH | MISP CRUDComponent delete validation bypass via operator precedence error | EPSS 0.2%
CVE-2024-48547 | HIGH | Incorrect access control in the firmware update and download processes of DreamCatcher Life v1.8.7 allows attackers to access sensitive info | EPSS 0.2%
CVE-2025-55077 | MEDIUM | Tyler Technologies ERP Pro 9 SaaS application escape | EPSS 0.2%
CVE-2025-30163 | LOW | Node based network policies may incorrectly allow workload traffic | EPSS 0.2%
CVE-2022-27609 | MEDIUM | Forcepoint One Endpoint prior to version 22.01 installed on Microsoft Windows does not provide sufficient anti-tampering protection of servi | EPSS 0.2%
CVE-2023-3379 | MEDIUM | WAGO: Improper Privilege Management in web-based management | EPSS 0.2%
CVE-2024-48545 | HIGH | Incorrect access control in the firmware update and download processes of IVY Smart v4.5.0 allows attackers to access sensitive information | EPSS 0.2%
CVE-2025-62487 | LOW | Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files. | EPSS 0.2%
CVE-2026-5380 | MEDIUM | runZero Platform cleartext secret exposure | EPSS 0.2%
CVE-2026-33291 | MEDIUM | Discourse user can create Zendesk tickets even when it does not have access to topic | EPSS 0.2%
CVE-2026-45550 | CRITICAL | Roxy-WI: IDOR on PUT /smon/check — any user can rewrite any tenant's monitoring URL/IP/body | EPSS 0.2%
CVE-2025-65073 | HIGH | OpenStack Keystone before 26.0.1, 27.0.0, and 28.0.0 allows a /v3/ec2tokens or /v3/s3tokens request with a valid AWS Signature to provide Ke | EPSS 0.2%
CVE-2025-66423 | HIGH | Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, a | EPSS 0.2%
CVE-2026-23964 | MEDIUM | Mastodon has insufficient access control to push notification settings | EPSS 0.2%
CVE-2025-27933 | MEDIUM | Unauthorized Private-to-Public Channel Conversion | EPSS 0.2%
CVE-2025-24099 | MEDIUM | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A local | EPSS 0.2%