Weaknesses of type CWE-863
2,080 results

| CVE | Severity | Description | EPSS | KEV |
|---|---|---|---|---|
| CVE-2022-22978 | — | In spring security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigure | 10.0% | |
| CVE-2025-43564 | CRITICAL | ColdFusion \| Incorrect Authorization (CWE-863) | 9.3% | |
| CVE-2020-36287 | — | The dashboard gadgets preference resource of the Atlassian gadgets plugin used in Jira Server and Jira Data Center before version 8.13.5, an | 9.0% | |
| CVE-2025-43565 | HIGH | ColdFusion \| Incorrect Authorization (CWE-863) | 8.9% | |
| CVE-2023-32629 | HIGH | Local privilege escalation vulnerability in Ubuntu Kernels overlayfs ovl_copy_up_meta_inode_data skip permission checks when calling ovl_do_ | 8.9% | |
| CVE-2023-5009 | CRITICAL | Incorrect Authorization in GitLab | 8.3% | |
| CVE-2025-49825 | CRITICAL | Teleport allows remote authentication bypass | 7.8% | |
| CVE-2026-32267 | HIGH | Craft CMS Vulnerable to Privilege Escalation/Bypass through UsersController->actionImpersonateWithToken() | 7.7% | |
| CVE-2026-47929 | HIGH | ColdFusion \| Incorrect Authorization (CWE-863) | 7.5% | |
| CVE-2021-24278 | — | Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Arbitrary Nonce Generation | 7.4% | |
| CVE-2021-21276 | CRITICAL | Privilege escalation in Polr | 7.2% | |
| CVE-2022-21894 | MEDIUM | Secure Boot Security Feature Bypass Vulnerability | 6.6% | |
| CVE-2021-29943 | — | Apache Solr Unprivileged users may be able to perform unauthorized read/write to collections | 5.3% | |
| CVE-2025-24200 | MEDIUM | An authorization issue was addressed with improved state management. This issue is fixed in iOS 15.8.4 and iPadOS 15.8.4, iOS 16.7.11 and iP | 4.9% | KEV |
| CVE-2025-20701 | HIGH | In the Airoha Bluetooth audio SDK, there is a possible way to pair Bluetooth audio device without user consent. This could lead to remote es | 4.2% | |
| CVE-2008-7109 | CRITICAL | The Scanner File Utility (aka listener) in Kyocera Mita (KM) 3.3.0.1 allows remote attackers to bypass authorization and upload arbitrary fi | 4.1% | |
| CVE-2023-22620 | HIGH | An issue was discovered in SecurePoint UTM before 12.2.5.1. The firewall's endpoint at /spcgi.cgi allows sessionid information disclosure vi | 3.9% | |
| CVE-2024-45260 | HIGH | An issue was discovered on certain GL-iNet devices, including MT6000, MT3000, MT2500, AXT1800, and AX1800 4.6.2. Users who belong to unautho | 3.9% | |
| CVE-2018-20685 | MEDIUM | In OpenSSH 7.9, scp.c in the scp client allows remote SSH servers to bypass intended access restrictions via the filename of . or an empty f | 3.7% | |
| CVE-2021-32777 | HIGH | Incorrect concatenation of multiple value request headers in ext-authz extension | 3.3% | |