Weaknesses of type CWE-266

963 results
CVE-2019-19345HIGHA vulnerability was found in all openshift/mediawiki-apb 4.x.x versions prior to 4.3.0, where an insecure modification vulnerability in the EPSS 0.3%CVE-2026-9484MEDIUMSourceCodester Student Grades Management System classroom.php removeStudentFromClassroom improper authorizationEPSS 0.3%CVE-2026-11521MEDIUMMohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorizationEPSS 0.3%CVE-2026-2676MEDIUMGoogTech sms-ssm API LoginInterceptor.java preHandle improper authorizationEPSS 0.3%CVE-2026-1597MEDIUMBdtask SalesERP Administrative Endpoint improper authorizationEPSS 0.3%CVE-2026-7713MEDIUMcrocodilestick Calibre-Web-Automated Kobo auth-token Route kobo_auth.py generate_auth_token improper authorizationEPSS 0.3%CVE-2023-29066LOWIncorrect User ManagementEPSS 0.3%CVE-2026-11532MEDIUMimvks786 student_management_system Student Record add.php access controlEPSS 0.3%CVE-2025-48741MEDIUMA Broken Access Control vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, and 5.4.0 before 5.4.10 allows remote,EPSS 0.3%CVE-2024-23794MEDIUMAgents are able to lock the ticket without the "Owner" permissionEPSS 0.3%CVE-2025-15123LOWJeecgBoot datarule improper authorizationEPSS 0.3%CVE-2026-10876MEDIUMSourceCodester Ship Ferry Ticket Reservation System admin improper authorizationEPSS 0.3%CVE-2025-15124LOWJeecgBoot list getParameterMap improper authorizationEPSS 0.3%CVE-2026-3668LOWFreedom Factory dGEN1 org.ethosmobile.webpwaemul AndroidEthereum access controlEPSS 0.3%CVE-2025-15125LOWJeecgBoot queryDepartPermission improper authorizationEPSS 0.3%CVE-2025-15122LOWJeecgBoot datarule loadDatarule improper authorizationEPSS 0.3%CVE-2025-10422MEDIUMnewbee-mall Order Status paySuccess improper authorizationEPSS 0.3%CVE-2025-27028MEDIUMRead access of deprivileged Radiflow iSAP Smart Collector userEPSS 0.3%CVE-2025-5390MEDIUMJeeWMS File filedeal.do filedeal access controlEPSS 0.3%CVE-2024-23288HIGHThis issue was addressed by removing the vulnerable code. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17.4, watEPSS 0.3%