Weaknesses of type CWE-863

2,100 results
CVE-2023-47142 [HIGH] IBM Tivoli Application Dependency Discovery Manager privilege escalation [EPSS 0.3%]
CVE-2024-31402 [MEDIUM] Incorrect authorization vulnerability in Cybozu Garoon 5.0.0 to 5.15.2 allows a remote authenticated attacker to delete the data of Shared T [EPSS 0.3%]
CVE-2025-12924 [MEDIUM] rymcu forest BankController.java GlobalResult authorization [EPSS 0.3%]
CVE-2025-49536 [HIGH] ColdFusion | Incorrect Authorization (CWE-863) [EPSS 0.3%]
CVE-2026-42998 [MEDIUM] An issue was discovered in OpenStack Keystone before 29.0.2. The Keystone application credential authentication plugin does not verify that [EPSS 0.3%]
CVE-2026-32693 [HIGH] Unauthorized access to Kubernetes secrets in Juju [EPSS 0.3%]
CVE-2026-42137 [HIGH] Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialog [EPSS 0.3%]
CVE-2025-21563 [MEDIUM] Vulnerability in the PeopleSoft Enterprise CC Common Application Objects product of Oracle PeopleSoft (component: Run Control Management). [EPSS 0.3%]
CVE-2026-46362 [HIGH] phpMyFAQ - Authorization Bypass in Admin Pages via Non-Terminating Permission Check [EPSS 0.3%]
CVE-2025-3645 [MEDIUM] Moodle: idor in messaging web service allows access to some user details [EPSS 0.3%]
CVE-2026-35412 [HIGH] Directus has a TUS Upload Authorization Bypass Allows Arbitrary File Overwrite [EPSS 0.3%]
CVE-2025-53902 [MEDIUM] Tuleap exposes artifacts to a mentioned user via email notifications [EPSS 0.3%]
CVE-2025-24401 [MEDIUM] Jenkins Folder-based Authorization Strategy Plugin 217.vd5b_18537403e and earlier does not verify that permissions configured to be granted [EPSS 0.3%]
CVE-2023-29766 [HIGH] An issue found in CrossX v.1.15.3 for Android allows a local attacker to cause an escalation of Privileges via the database files. [EPSS 0.3%]
CVE-2021-41528 [MEDIUM] Improper authorization related to Import / Export interfaces on RISC Platform [EPSS 0.3%]
CVE-2026-44260 [HIGH] efw4.X: readonly Flag Not Enforced Server-Side [EPSS 0.3%]
CVE-2025-26526 [MEDIUM] Feedback response viewing and deletions did not respect Separate Groups mode [EPSS 0.3%]
CVE-2026-8350 [HIGH] Concrete CMS 9.5.0 and below is vulnerable to missing authorization in the bulk_user_assignment.php which can lead to privilege escalation to Administrative Group [EPSS 0.3%]
CVE-2026-1897 [MEDIUM] WeKan Position-History Tracking positionHistory.js PositionHistoryBleed authorization [EPSS 0.3%]
CVE-2024-22133 [MEDIUM] Improper Access Control in SAP Fiori Front End Server [EPSS 0.3%]