Weaknesses of type CWE-863
2,111 results

CVE | Severity | Title | EPSS
CVE-2026-41367 | MEDIUM | OpenClaw 2026.2.14 < 2026.3.28 - Policy Enforcement Bypass in Discord Component Interactions | EPSS 0.2%
CVE-2023-3485 | LOW | Insecure Default Authorization in Temporal Server | EPSS 0.2%
CVE-2023-7047 | — | Inadequate validation of permissions when employing remote tools and macros via the context menu within Devolutions Remote Desktop Manager | EPSS 0.2%
CVE-2026-6343 | MEDIUM | Mattermost Playbooks Plugin fails to enforce view permissions in list endpoints, allowing unauthorized access to public playbooks | EPSS 0.2%
CVE-2026-13508 | MEDIUM | khoj-ai khoj Conversation Sharing api_chat.py authorization | EPSS 0.2%
CVE-2026-32067 | LOW | OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store | EPSS 0.2%
CVE-2022-40682 | HIGH | A incorrect authorization in Fortinet FortiClient (Windows) 7.0.0 - 7.0.7, 6.4.0 - 6.4.9, 6.2.0 - 6.2.9 and 6.0.0 - 6.0.10 allows an attacke | EPSS 0.2%
CVE-2025-13767 | MEDIUM | Unauthorized Read Access to Private Channel Posts via Mattermost Jira Plugin | EPSS 0.2%
CVE-2026-24692 | MEDIUM | Guest users can bypass read permissions via search API | EPSS 0.2%
CVE-2025-30440 | MEDIUM | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.5, macOS Sonoma 14.7.6, macOS Ventura 13.7.6. An app m | EPSS 0.2%
CVE-2026-41852 | LOW | Spring Framework Arbitrary Method Invocation in SpEL Expressions | EPSS 0.2%
CVE-2025-68386 | MEDIUM | Kibana Improper Authorization | EPSS 0.2%
CVE-2025-1417 | MEDIUM | Information disclosure in Proget MDM | EPSS 0.2%
CVE-2026-9048 | MEDIUM | Slider Revolution 7.0.0 - 7.0.14 - Incorrect Authorization to Authenticated (Contributor+) Sensitive Information Exposure | EPSS 0.2%
CVE-2026-5712 | HIGH | IdentityIQ Role Editor Incorrect Authorization Vulnerability | EPSS 0.2%
CVE-2025-1418 | MEDIUM | Information disclosure in Proget MDM | EPSS 0.2%
CVE-2026-33884 | MEDIUM | Statamic's live preview token bypasses content protection for unrelated entries | EPSS 0.2%
CVE-2025-11777 | LOW | Cross-team channel membership access | EPSS 0.2%
CVE-2026-39402 | MEDIUM | lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion | EPSS 0.2%
CVE-2026-49288 | MEDIUM | Statamic CMS missing authorization on Control Panel fieldtype endpoints allows disclosure of restricted resources | EPSS 0.2%