Weaknesses of type CWE-863

2,102 results
CVE | Severity | Description | EPSS
CVE-2026-33461 | HIGH | Incorrect Authorization in Kibana Fleet Leading to Information Disclosure | EPSS 0.3%
CVE-2026-23632 | MEDIUM | Gogs user can update repository content with read-only permission | EPSS 0.3%
CVE-2026-23513 | HIGH | FOSSBilling: Broken Authorization in Client Transaction and Order Listings | EPSS 0.3%
CVE-2026-42426 | HIGH | OpenClaw < 2026.4.8 - Improper Authorization in node.pair.approve via operator.write Scope | EPSS 0.3%
CVE-2024-20510 | MEDIUM | A vulnerability in the Central Web Authentication (CWA) feature of Cisco IOS XE Software for Wireless Controllers could allow an unauthentic | EPSS 0.3%
CVE-2024-36365 | MEDIUM | In JetBrains TeamCity before 2022.04.7, 2022.10.6, 2023.05.6, 2023.11.5, 2024.03.2 a third-party agent could impersonate a cloud agent | EPSS 0.3%
CVE-2026-42422 | HIGH | OpenClaw < 2026.4.8 - Role Bypass in device.token.rotate Function | EPSS 0.3%
CVE-2026-28473 | HIGH | OpenClaw < 2026.2.2 - Authorization Bypass via /approve Chat Command | EPSS 0.3%
CVE-2026-28715 | MEDIUM | Sensitive information disclosure due to improper authorization checks. The following products are affected: Acronis Cyber Protect 17 (Linux, | EPSS 0.3%
CVE-2022-42788 | MEDIUM | A permissions issue existed. This issue was addressed with improved permission validation. This issue is fixed in macOS Ventura 13. A malici | EPSS 0.3%
CVE-2026-56268 | MEDIUM | Flowise - Cross-Workspace Information Disclosure via chatflows/apikey Endpoint | EPSS 0.3%
CVE-2025-12082 | HIGH | CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112 | EPSS 0.3%
CVE-2026-25561 | HIGH | WeKan < 8.19 Attachment Upload Object Relationship Validation Bypass | EPSS 0.3%
CVE-2023-41077 | MEDIUM | An app may be able to access protected user data. This issue is fixed in macOS Sonoma 14, macOS Ventura 13.6.1. The issue was addressed with | EPSS 0.3%
CVE-2025-27602 | MEDIUM | Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content | EPSS 0.3%
CVE-2026-45002 | MEDIUM | OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping | EPSS 0.3%
CVE-2024-42000 | LOW | Unauthorized Access to view channels' details | EPSS 0.3%
CVE-2025-41346 | CRITICAL | Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este | EPSS 0.3%
CVE-2024-7108 | HIGH | Incorrect Authorization in National Keep's CyberMath | EPSS 0.3%
CVE-2024-56348 | MEDIUM | In JetBrains TeamCity before 2024.12 improper access control allowed viewing details of unauthorized agents | EPSS 0.3%