Weaknesses of type CWE-863
2,111 results

CVE-2026-30943 | MEDIUM | Gokapi has Privilege Escalation in File Replace | EPSS 0.2%
CVE-2026-28726 | MEDIUM | Sensitive information disclosure due to improper access control. The following products are affected: Acronis Cyber Protect 17 (Linux, Windo | EPSS 0.2%
CVE-2026-28724 | MEDIUM | Unauthorized data access due to insufficient access control validation. The following products are affected: Acronis Cyber Protect 17 (Linux | EPSS 0.2%
CVE-2024-40771 | HIGH | The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS | EPSS 0.2%
CVE-2025-12038 | MEDIUM | Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion | EPSS 0.2%
CVE-2025-2515 | HIGH | Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies | EPSS 0.2%
CVE-2026-44561 | MEDIUM | Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels | EPSS 0.2%
CVE-2024-49501 | MEDIUM | Sysmac Studio provided by OMRON Corporation contains an incorrect authorization vulnerability. If this vulnerability is exploited, an attack | EPSS 0.2%
CVE-2026-41348 | LOW | OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands | EPSS 0.2%
CVE-2025-46702 | MEDIUM | Mattermost Playbooks allows privilege escalation through improper access control in playbook run participant management | EPSS 0.2%
CVE-2026-26031 | LOW | Frappe LMS affected by unauthorised user was able to access the full list of batch enrolled students | EPSS 0.2%
CVE-2025-43307 | MEDIUM | This issue was addressed with improved checks to prevent unauthorized actions. This issue is fixed in macOS Tahoe 26. An app may be able to | EPSS 0.2%
CVE-2026-30236 | MEDIUM | OpenProject users that are not project members can be used to calculate Labor Budget, leaking their global hourly rate | EPSS 0.2%
CVE-2025-15395 | MEDIUM | IBM Jazz Foundation access control violation | EPSS 0.2%
CVE-2026-45563 | MEDIUM | Roxy-WI: IDOR — any authenticated user can read another user's full action history | EPSS 0.2%
CVE-2026-41689 | MEDIUM | Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services | EPSS 0.2%
CVE-2026-22822 | CRITICAL | External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function | EPSS 0.2%
CVE-2025-27512 | LOW | Zincati allows unprivileged access to rpm-ostree D-Bus `Deploy()` and `FinalizeDeployment()` methods | EPSS 0.2%
CVE-2025-7374 | MEDIUM | WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass | EPSS 0.2%
CVE-2026-33460 | MEDIUM | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure | EPSS 0.2%