Weaknesses of type CWE-285
1,285 results

CVE | Severity | Description | EPSS
CVE-2023-6538 | HIGH | System Management Unit (SMU) versions prior to 14.8.7825.01, used to manage Hitachi Vantara NAS products is susceptible to unintended information disclosure via unprivileged access to SMU configuration backup data. | 1.6%
CVE-2020-24404 | LOW | Incorrect permissions in Integrations component could lead to unauthorized deletion of cmsPages via REST API | 1.6%
CVE-2024-10654 | MEDIUM | TOTOLINK LR350 formLoginAuth.htm authorization | 1.5%
CVE-2020-24405 | MEDIUM | Incorrect permissions in Inventory module could lead to unauthorized modification of inventory stock data | 1.5%
CVE-2020-3150 | MEDIUM | Cisco Small Business RV110W and RV215W Series Routers Information Disclosure Vulnerability | 1.5%
CVE-2021-32523 | CRITICAL | QSAN Storage Manager - Improper Authorization | 1.5%
CVE-2017-2632 | MEDIUM | A logic error in valid_role() in CloudForms role validation before 5.7.1.3 could allow a tenant administrator to create groups with a higher | 1.5%
CVE-2025-31255 | CRITICAL | An authorization issue was addressed with improved state management. This issue is fixed in iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS | 1.5%
CVE-2017-0926 | — | Gitlab Community Edition version 10.3 is vulnerable to an improper authorization issue in the Oauth sign-in component resulting in unauthori | 1.5%
CVE-2023-44410 | HIGH | D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability | 1.5%
CVE-2021-41093 | HIGH | Account takeover when having only access to a user's short lived token | 1.4%
CVE-2022-3686 | MEDIUM | SDM600 API permission check | 1.4%
CVE-2023-21549 | HIGH | Windows SMB Witness Service Elevation of Privilege Vulnerability | 1.4%
CVE-2021-28563 | MEDIUM | Magento Commerce improper Authorization via the 'Create Customer' endpoint | 1.4%
CVE-2021-28506 | CRITICAL | An issue has recently been discovered in Arista EOS where certain gNOI APIs incorrectly skip authorization and authentication which could potentially allow a factory reset of the device. | 1.4%
CVE-2018-3778 | — | Improper authorization in aedes version <0.35.0 will publish a LWT in a channel when a client is not authorized. | 1.4%
CVE-2018-10906 | MEDIUM | In fuse before versions 2.9.8 and 3.x before 3.2.5, fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non | 1.4%
CVE-2021-3044 | CRITICAL | Cortex XSOAR: Unauthorized Usage of the REST API | 1.4%
CVE-2017-2689 | — | Siemens RUGGEDCOM ROX I (all versions) allow an authenticated user to bypass access restrictions in the web interface at port 10000/TCP to o | 1.4%
CVE-2024-30061 | HIGH | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability | 1.4%