Weaknesses of type CWE-863
2,092 results

CVE-2025-13928 | HIGH | Incorrect Authorization in GitLab | EPSS 0.7%
CVE-2022-23551 | MEDIUM | AAD Pod Identity obtaining token with backslash | EPSS 0.7%
CVE-2025-48757 | CRITICAL | An insufficient database Row-Level Security policy in Lovable through 2025-04-15 allows remote unauthenticated attackers to read or write to | EPSS 0.7%
CVE-2023-27716 | CRITICAL | An issue was discovered in freakchicken kafkaUI-lite 1.2.11 allows attackers on the same network to gain escalated privileges for the nodes | EPSS 0.7%
CVE-2025-54888 | HIGH | @fedify/fedify: Improper Authentication and Incorrect Authorization | EPSS 0.7%
CVE-2021-21318 | MEDIUM | Removing access may not effect published series | EPSS 0.7%
CVE-2024-0199 | HIGH | Incorrect Authorization in GitLab | EPSS 0.7%
CVE-2023-39363 | CRITICAL | Vyper incorrectly allocated named re-entrancy locks | EPSS 0.7%
CVE-2021-36778 | HIGH | Exposure of repository credentials to external third-party sources | EPSS 0.7%
CVE-2026-44998 | LOW | OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools | EPSS 0.7%
CVE-2024-6337 | MEDIUM | Incorrect Authorization allows read access to issues in GitHub Enterprise Server | EPSS 0.7%
CVE-2025-21555 | MEDIUM | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.40 and prior, 8 | EPSS 0.7%
CVE-2023-31435 | HIGH | Multiple components (such as Onlinetemplate-Verwaltung, Liste aller Teilbereiche, Umfragen anzeigen, and questionnaire previews) in evasys b | EPSS 0.7%
CVE-2023-23064 | CRITICAL | TOTOLINK A720R V4.1.5cu.532_ B20210610 is vulnerable to Incorrect Access Control. | EPSS 0.7%
CVE-2023-48309 | MEDIUM | next-auth vulnerable to possible user mocking that bypasses basic authentication | EPSS 0.7%
CVE-2024-28148 | MEDIUM | Apache Superset: Incorrect datasource authorization on explore REST API | EPSS 0.7%
CVE-2020-25167 | MEDIUM | OSIsoft PI Vision Incorrect Authorization | EPSS 0.7%
CVE-2022-35692 | MEDIUM | Adobe Commerce Improper Access Control Security feature bypass | EPSS 0.7%
CVE-2023-46906 | MEDIUM | juzaweb <= 3.4 is vulnerable to Incorrect Access Control, resulting in an application outage after a 500 HTTP status code. The payload in th | EPSS 0.7%
CVE-2024-31695 | CRITICAL | A misconfiguration in the fingerprint authentication mechanism of Binance: BTC, Crypto and NFTS v2.85.4, allows attackers to bypass authenti | EPSS 0.7%