Weaknesses of type CWE-285
1,285 results

CVE-2022-1224 | MEDIUM | Improper Authorization in phpipam/phpipam | EPSS 1.0%
CVE-2026-48579 | CRITICAL | Microsoft Exchange Online Information Disclosure Vulnerability | EPSS 1.0%
CVE-2021-21511 | HIGH | Dell EMC Avamar Server, versions 19.3 and 19.4 contain an Improper Authorization vulnerability in the web UI. A remote low privileged attack | EPSS 1.0%
CVE-2022-0587 | HIGH | Improper Authorization in librenms/librenms | EPSS 1.0%
CVE-2021-41100 | HIGH | Account takeover when having only access to a user's short lived token in wire-server | EPSS 1.0%
CVE-2021-41976 | MEDIUM | Tad Uploader - Improper Authorization | EPSS 1.0%
CVE-2021-41564 | MEDIUM | Tad Honor - Improper Authorization | EPSS 1.0%
CVE-2021-41568 | MEDIUM | Tad Web - Improper Authorization | EPSS 1.0%
CVE-2019-13416 | — | Search Guard versions before 24.3 had an issue when Cross Cluster Search (CCS) was enabled, authenticated users are always authorized on the | EPSS 1.0%
CVE-2021-21432 | HIGH | Reject unauthorized access with GitHub PATs | EPSS 1.0%
CVE-2017-0892 | — | Nextcloud Server before 11.0.3 is vulnerable to an improper session handling allowed an application specific password without permission to | EPSS 1.0%
CVE-2021-41308 | — | Affected versions of Atlassian Jira Server and Data Center allow authenticated yet non-administrator remote attackers to edit the File Repli | EPSS 1.0%
CVE-2021-22863 | — | Improper access control in GitHub Enterprise Server leading to unauthorized changes to maintainer permissions on pull requests | EPSS 1.0%
CVE-2022-29233 | MEDIUM | Improper access control for breakout rooms in BigBlue Button | EPSS 1.0%
CVE-2019-13554 | — | GE Mark VIe Controller has an unsecured Telnet protocol that may allow a user to create an authenticated session using generic default crede | EPSS 1.0%
CVE-2021-42330 | HIGH | ShinHer Information Co., LTD. ShinHer StudyOnline System - Improper Authorization-1 | EPSS 0.9%
CVE-2018-0393 | — | A Read-Only User Effect Change vulnerability in the Policy Builder interface of Cisco Policy Suite could allow an authenticated, remote atta | EPSS 0.9%
CVE-2017-2589 | HIGH | It was discovered that the hawtio servlet 1.4 uses a single HttpClient instance to proxy requests with a persistent cookie store (cookies ar | EPSS 0.9%
CVE-2019-7479 | — | A vulnerability in SonicOS allow authenticated read-only admin can elevate permissions to configuration mode. This vulnerability affected So | EPSS 0.9%
CVE-2021-3616 | CRITICAL | A vulnerability was reported in Lenovo Smart Camera X3, X5, and C2E that could allow an unauthorized user to view device information, alter | EPSS 0.9%