Weaknesses of type CWE-863
2,097 results

CVE-2026-50559 | HIGH | Authentication/Authorization Bypass via Advanced Path Normalization Vulnerabilities | EPSS 0.4%
CVE-2022-45435 | MEDIUM | SailPoint IdentityIQ Access Control Bypass | EPSS 0.4%
CVE-2024-39025 | HIGH | Incorrect access control in the /users endpoint of Cpacker MemGPT v0.3.17 allows attackers to access sensitive data. | EPSS 0.4%
CVE-2023-3253 | MEDIUM | Improper authorization in Nessus | EPSS 0.4%
CVE-2025-40567 | HIGH | A vulnerability has been identified in RUGGEDCOM RST2428P (6GK6242-6PA00) (All versions < V3.2), SCALANCE XCH328 (6GK5328-4TS01-2EC2) (All v | EPSS 0.4%
CVE-2025-21517 | MEDIUM | Vulnerability in the JD Edwards EnterpriseOne Tools product of Oracle JD Edwards (component: Web Runtime SEC). Supported versions that are | EPSS 0.4%
CVE-2023-52943 | MEDIUM | Incorrect authorization vulnerability in Alert.Setting webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 a | EPSS 0.4%
CVE-2023-52944 | MEDIUM | Incorrect authorization vulnerability in ActionRule webapi component in Synology Surveillance Station before 9.2.0-11289 and 9.2.0-9289 allo | EPSS 0.4%
CVE-2025-3475 | MEDIUM | WEB-T - Moderately critical - Access bypass, Denial of service - SA-CONTRIB-2025-030 | EPSS 0.4%
CVE-2026-32966 | HIGH | Apache DolphinScheduler: DataSource API Missing Authorization Check Leads to Arbitrary Data Source Metadata Disclosure | EPSS 0.4%
CVE-2025-0652 | MEDIUM | Incorrect Authorization in GitLab | EPSS 0.4%
CVE-2025-3586 | HIGH | In Liferay Portal 7.4.3.27 through 7.4.3.42, and Liferay DXP 2024.Q1.1 through 2024.Q1.20, 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2 | EPSS 0.4%
CVE-2025-12925 | MEDIUM | rymcu forest UserDicController.java deleteDic authorization | EPSS 0.4%
CVE-2025-26853 | CRITICAL | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema. | EPSS 0.4%
CVE-2024-41670 | HIGH | PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard | EPSS 0.4%
CVE-2026-30229 | HIGH | Parse Server: Endpoint `/loginAs` allows `readOnlyMasterKey` to gain full read and write access as any user | EPSS 0.4%
CVE-2026-33489 | HIGH | CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison | EPSS 0.4%
CVE-2024-21249 | MEDIUM | Vulnerability in the PeopleSoft Enterprise FIN Expenses product of Oracle PeopleSoft (component: Expenses). The supported version that is | EPSS 0.4%
CVE-2024-21149 | HIGH | Vulnerability in the Oracle Enterprise Asset Management product of Oracle E-Business Suite (component: Work Definition Issues). Supported v | EPSS 0.4%
CVE-2026-32758 | MEDIUM | File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter | EPSS 0.4%