Weaknesses of type CWE-285

1,302 results
| CVE | Severity | Title | EPSS |
|---|---|---|---|
| CVE-2026-12770 | MEDIUM | BerriAI litellm Admin Key key_management_endpoints.py improper authorization | 0.3% |
| CVE-2024-3027 | MEDIUM | Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload | 0.3% |
| CVE-2025-10819 | MEDIUM | fuyang_lipengjun platform queryAll UserCouponController improper authorization | 0.3% |
| CVE-2025-10820 | MEDIUM | fuyang_lipengjun platform queryAll TopicController improper authorization | 0.3% |
| CVE-2025-6713 | HIGH | MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage | 0.3% |
| CVE-2026-46605 | MEDIUM | Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal | 0.3% |
| CVE-2025-24376 | MEDIUM | The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources | 0.3% |
| CVE-2025-65021 | CRITICAL | Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR) | 0.3% |
| CVE-2023-28055 | HIGH | Dell NetWorker, Version 19.7 has an improper authorization vulnerability in the NetWorker client. An unauthenticated attacker within the sa | 0.3% |
| CVE-2025-15126 | LOW | JeecgBoot getPositionUserList improper authorization | 0.3% |
| CVE-2026-6564 | MEDIUM | EMQ EMQX Enterprise Session Handling improper authorization | 0.3% |
| CVE-2024-9531 | MEDIUM | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending | 0.3% |
| CVE-2024-56335 | HIGH | Privilege escalation allows organization groups to be updated/deleted if their UUID is known in vaultwarden | 0.3% |
| CVE-2024-11768 | MEDIUM | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files | 0.3% |
| CVE-2025-64063 | CRITICAL | Primakon Pi Portal 1.0.18 API endpoints fail to enforce sufficient authorization checks when processing requests. Specifically, a standard u | 0.3% |
| CVE-2023-0665 | MEDIUM | Vault PKI Issuer Endpoint Did Not Correctly Authorize Access to Issuer Metadata | 0.3% |
| CVE-2025-10374 | MEDIUM | Shenzhen Sixun Business Management System OperatorStop improper authorization | 0.3% |
| CVE-2025-65094 | HIGH | WBCE CMS is Vulnerable to Privilege Escalation via Group ID Manipulation (IDOR) | 0.3% |
| CVE-2025-63691 | CRITICAL | In pig-mesh In Pig version 3.8.2 and below, within the Token Management function under the System Management module, the token query interfa | 0.3% |
| CVE-2026-2733 | LOW | Org.keycloak/keycloak-services: keycloak: missing check on disabled client for docker registry protocol | 0.3% |