Weaknesses of type CWE-285
1,285 results

CVE-2019-3785 | MEDIUM | Cloud Controller provides signed URL with write authorization to read only user | EPSS 1.3%
CVE-2020-5206 | HIGH | Authentication Bypass For Endpoints With Anonymous Access in OpenCast | EPSS 1.3%
CVE-2019-6581 | — | A vulnerability has been identified in Siveillance VMS 2017 R2 (All versions < V11.2a), Siveillance VMS 2018 R1 (All versions < V12.1a), Siv | EPSS 1.3%
CVE-2020-14486 | MEDIUM | OpenClinic GA | EPSS 1.3%
CVE-2025-1361 | HIGH | IP2Location Country Blocker <= 2.38.8 - Missing Authorization to Unauthenticated Information Exposure via admin_init Function | EPSS 1.3%
CVE-2017-0896 | — | Zulip Server 1.5.1 and below suffer from an error in the implementation of the invite_by_admins_only setting in the Zulip group chat applica | EPSS 1.3%
CVE-2022-0829 | MEDIUM | Improper Authorization in webmin/webmin | EPSS 1.3%
CVE-2020-5356 | HIGH | Dell PowerProtect Data Manager (PPDM) versions prior to 19.4 and Dell PowerProtect X400 versions prior to 3.2 contain an improper authorizat | EPSS 1.3%
CVE-2025-29659 | CRITICAL | Yi IOT XY-3820 6.0.24.10 is vulnerable to Remote Command Execution via the "cmd_listen" function located in the "cmd" binary. | EPSS 1.3%
CVE-2020-5289 | MEDIUM | Read permissions not enforced for client provided filter expressions in Elide http client | EPSS 1.3%
CVE-2025-29827 | CRITICAL | Azure Automation Elevation of Privilege Vulnerability | EPSS 1.2%
CVE-2024-38129 | HIGH | Windows Kerberos Elevation of Privilege Vulnerability | EPSS 1.2%
CVE-2021-41137 | HIGH | Bypassing policy restrictions on regular users | EPSS 1.2%
CVE-2025-66301 | HIGH | Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions | EPSS 1.2%
CVE-2019-2386 | HIGH | Authorization session conflation | EPSS 1.2%
CVE-2021-41974 | CRITICAL | Tad Book3 - Improper Authorization | EPSS 1.2%
CVE-2019-3842 | MEDIUM | In systemd before v242-rc4, it was discovered that pam_systemd does not properly sanitize the environment before using the XDG_SEAT variable | EPSS 1.2%
CVE-2020-10620 | — | Opto 22 SoftPAC Project Version 9.6 and prior. SoftPAC communication does not include any credentials. This allows an attacker with network | EPSS 1.2%
CVE-2019-1842 | MEDIUM | Cisco IOS XR Software Secure Shell Authentication Vulnerability | EPSS 1.2%
CVE-2018-17933 | — | VGo Robot (Versions 3.0.3.52164 and 3.0.3.53662. Prior versions may also be affected) connected to the VGo XAMPP. User accounts may be able | EPSS 1.2%