Weaknesses of type CWE-863

2,111 results
CVE-2026-11379 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2024-48540 | MEDIUM | Incorrect access control in XIAO HE Smart 4.3.1 allows attackers to access sensitive information by analyzing the code and data within the A | EPSS 0.2%
CVE-2025-9228 | MEDIUM | Insufficient authorization when creating notes | EPSS 0.2%
CVE-2023-26097 | HIGH | An issue was discovered in Telindus Apsal 3.14.2022.235 b. Unauthorized actions that could modify the application behaviour may not be block | EPSS 0.2%
CVE-2026-34082 | MEDIUM | Dify has IDOR in deleting someone else's chat conversation | EPSS 0.2%
CVE-2026-6269 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2025-66623 | HIGH | Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands | EPSS 0.2%
CVE-2026-3525 | MEDIUM | File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020 | EPSS 0.2%
CVE-2026-7765 | MEDIUM | User Messages widget leaked issuer messages on shared dashboards | EPSS 0.2%
CVE-2025-13985 | MEDIUM | Entity Share - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-123 | EPSS 0.2%
CVE-2023-38368 | MEDIUM | IBM Security Access Manager Docker information disclosure | EPSS 0.2%
CVE-2025-4128 | LOW | Mattermost Guest User Information Disclosure Vulnerability | EPSS 0.2%
CVE-2025-49810 | LOW | Thread summarization allows persistent access to channel | EPSS 0.2%
CVE-2026-29773 | MEDIUM | kubewarden-controller cross-namespace data exfiltration via deprecated host callback binding | EPSS 0.2%
CVE-2026-48772 | CRITICAL | ProxySQL: PROXY-Protocol-v1 UNKNOWN parses spoofed source IP, bypassing mysql_query_rules.client_addr ACL | EPSS 0.2%
CVE-2026-44314 | MEDIUM | Traccar: Missing edit authorization on device image upload allows read-only users to write files | EPSS 0.2%
CVE-2025-43336 | MEDIUM | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Taho | EPSS 0.2%
CVE-2026-52779 | MEDIUM | OpenProject: Cross-project authorization bypass allows deleting public Calendar and Team Planner queries from unauthorized projects | EPSS 0.2%
CVE-2026-1007 | HIGH | Incorrect Authorization vulnerability in virtual gateway component in Devolutions Server allows attackers to bypass deny IP rules. This issue | EPSS 0.2%
CVE-2026-47236 | MEDIUM | Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission | EPSS 0.2%