Weaknesses of type CWE-863

2,111 results
CVE-2026-6383MEDIUMKubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluationEPSS 0.1%CVE-2025-41436LOWUnauthorized access to archived channel content via threads interfaceEPSS 0.1%CVE-2024-0043HIGHIn multiple locations, there is a possible notification listener grant to an app running in the work profile due to a logic error in the codEPSS 0.1%CVE-2026-24029MEDIUMDNS over HTTPS ACL bypassEPSS 0.1%CVE-2026-22545LOWPassword Change Bypass via Auth Switch EndpointEPSS 0.1%CVE-2026-34507LOWOpenClaw < 2026.4.29 - Policy Bypass in QQBot Admin Commands via DM-only and allowFrom ChecksEPSS 0.1%CVE-2025-64707LOWFrappe LMS revoking access did not show immediate effect as roles were cachedEPSS 0.1%CVE-2025-53391CRITICALThe Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactivEPSS 0.1%CVE-2024-44305HIGHThis issue was addressed by removing the vulnerable code. This issue is fixed in macOS Sonoma 14.6. An app may be able to gain root privilegEPSS 0.1%CVE-2025-23262MEDIUMNVIDIA ConnectX contains a vulnerability in the management interface, where an attacker with local access could cause incorrect authorizatioEPSS 0.1%CVE-2026-45718MEDIUMBudibase: Row Action Trigger Bypasses View Row Filter Security Boundary Allowing Action on Out-of-Scope RowsEPSS 0.1%CVE-2025-64641MEDIUMMattermost Jira plugin crafted action leaks Jira issue detailsEPSS 0.1%CVE-2021-26387LOWInsufficient access controls in ASP kernel may allow a privileged attacker with access to AMD signing keys and the BIOS menu or UEFI shell tEPSS 0.1%CVE-2026-41131MEDIUMOpenFGA has Improper Policy EnforcementEPSS 0.1%CVE-2025-26330HIGHDell PowerScale OneFS, versions 9.4.0.0 through 9.10.0.1, contains an incorrect authorization vulnerability. An unauthenticated attacker witEPSS 0.1%CVE-2026-29179LOWOctober: Editor Sub-Permission Bypass for Asset and Blueprint File OperationsEPSS 0.1%CVE-2026-45692MEDIUMCaddy: Remote Admin Authorization Bypass in `/config` API via Array Index NormalizationEPSS 0.1%CVE-2025-6707MEDIUMRace condition in privilege cache invalidation cycleEPSS 0.1%CVE-2023-25185LOWAn issue was discovered on NOKIA Airscale ASIKA Single RAN devices before 21B. A mobile network solution internal fault was found in Nokia SEPSS 0.1%CVE-2026-4286LOWPlaybooks Plugin fails to validate team transfers, allowing unauthorized removal of member access via playbook updateEPSS 0.1%