Weaknesses of type CWE-863
2,111 results

CVE-2025-24099 | MEDIUM | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. A local | EPSS 0.2%
CVE-2026-5952 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2025-10016 | HIGH | Local Privilege Escalation in Sparkle Autoupdate Daemon | EPSS 0.2%
CVE-2026-48507 | HIGH | Snipe-IT: Bulk editing users allowed `ldap_import` and `activated_in` bulk editing users | EPSS 0.2%
CVE-2026-53808 | MEDIUM | OpenClaw < 2026.5.6 - Approval Policy Bypass in Skill Workshop Apply Flow | EPSS 0.2%
CVE-2025-11239 | LOW | Job details are visible to all team members on KNIME Business Hub | EPSS 0.2%
CVE-2026-2726 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2026-48860 | HIGH | Distribution-over-TLS LAN allowlist silently bypassed due to sockname/peername confusion in inet_tls_dist | EPSS 0.2%
CVE-2021-3456 | — | An improper authorization handling flaw was found in Foreman. The Salt plugin for the smart-proxy allows foreman clients to execute actions | EPSS 0.2%
CVE-2026-12446 | MEDIUM | Inappropriate implementation in Passwords in Google Chrome prior to 149.0.7827.155 allowed a remote attacker to leak cross-origin data via a | EPSS 0.2%
CVE-2025-14943 | MEDIUM | Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure | EPSS 0.2%
CVE-2025-20381 | MEDIUM | SPL commands allowlist controls bypass in Splunk MCP Server app through "run_splunk_query" MCP tool | EPSS 0.2%
CVE-2026-9807 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2026-39381 | MEDIUM | Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields` | EPSS 0.2%
CVE-2026-5796 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2026-8074 | LOW | Improper Permission Check Allows User Manager to Deactivate Bot Accounts | EPSS 0.2%
CVE-2025-1501 | MEDIUM | Incorrect authorization for traces request/download in CMC before 25.1.0 | EPSS 0.2%
CVE-2024-48542 | HIGH | Incorrect access control in the firmware update and download processes of Yamaha Headphones Controller v1.6.7 allows attackers to access sen | EPSS 0.2%
CVE-2024-48548 | CRITICAL | The APK file in Cloud Smart Lock v2.0.1 has a leaked a URL that can call an API for binding physical devices. This vulnerability allows atta | EPSS 0.2%
CVE-2026-53834 | HIGH | OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands | EPSS 0.2%