Weaknesses of type CWE-285
1,302 results

CVE-2026-50279 | HIGH | Craft CMS: Authorship spoofing in `entries/save-entry` via pre-check/post-mutation authorization gap | EPSS 0.2%
CVE-2022-30730 | MEDIUM | Improper authorization in Samsung Pass prior to 1.0.00.33 allows physical attackers to access account list without authentication. | EPSS 0.2%
CVE-2022-30722 | MEDIUM | Implicit Intent hijacking vulnerability in Samsung Account prior to SMR Jun-2022 Release 1 allows attackers to bypass user confirmation of S | EPSS 0.2%
CVE-2025-14889 | MEDIUM | Campcodes Advanced Voting Management System Password voters_edit.php improper authorization | EPSS 0.2%
CVE-2024-40814 | HIGH | A downgrade issue was addressed with additional code-signing restrictions. This issue is fixed in macOS Sonoma 14.6, macOS Ventura 13.7. An | EPSS 0.2%
CVE-2026-49278 | MEDIUM | Rocket.Chat: Livechat Visitor Profile Disclosure Leaks Bearer Token and Enables Visitor Impersonation | EPSS 0.2%
CVE-2026-33125 | HIGH | Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts | EPSS 0.2%
CVE-2026-27912 | HIGH | Windows Kerberos Elevation of Privilege Vulnerability | EPSS 0.2%
CVE-2025-11080 | MEDIUM | zhuimengshaonian wisdom-education ExamInfoController.java selectStudentExamInfoList improper authorization | EPSS 0.2%
CVE-2026-1892 | LOW | WeKan REST API boards.js setBoardOrgs improper authorization | EPSS 0.2%
CVE-2025-62520 | MEDIUM | MantisBT unauthorized disclosure of private project column configuration | EPSS 0.2%
CVE-2026-7663 | CRITICAL | Unauthenticated Cross-User MCP Resource Access and Tool Execution via Streamable Transport Authorization Bypass | EPSS 0.2%
CVE-2026-42875 | MEDIUM | External Secrets Operator: Namespace Isolation Bypass in CAProvider ConfigMap Resolution for SecretStore | EPSS 0.2%
CVE-2026-24890 | HIGH | OpenEMR Portal Users Can Forge Provider Signatures | EPSS 0.2%
CVE-2026-34738 | MEDIUM | AVideo: Video Publishing Workflow Bypass via Unauthorized overrideStatus Request Parameter | EPSS 0.2%
CVE-2026-21724 | MEDIUM | Missing Protected-field Authorization in Provisioning Contact Points API | EPSS 0.2%
CVE-2025-50073 | MEDIUM | Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Web Container). Supported versions that are aff | EPSS 0.2%
CVE-2025-15119 | LOW | JeecgBoot list queryPageList improper authorization | EPSS 0.2%
CVE-2017-20238 | HIGH | Hirschmann Industrial HiVision Improper Authorization Privilege Escalation | EPSS 0.2%
CVE-2026-1894 | MEDIUM | WeKan REST API checklistItems.js Checklist REST Bleed improper authorization | EPSS 0.2%