Weaknesses of type CWE-863
2,102 results

CVE-2025-3913 | MEDIUM | Team Privacy Settings Authorization Bypass in Mattermost Server | EPSS 0.3%
CVE-2025-13829 | HIGH | Incorrect Authorization vulnerability in Data Illusion Zumbrunn NGSurvey allows any logged-in user to obtain the private information of any | EPSS 0.3%
CVE-2025-71278 | HIGH | XenForo OAuth2 Unauthorized Scope Request | EPSS 0.3%
CVE-2026-41233 | MEDIUM | Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() | EPSS 0.3%
CVE-2020-36622 | MEDIUM | sah-comp bienlein cross-site request forgery | EPSS 0.3%
CVE-2024-49808 | MEDIUM | IBM Sterling Connect:Direct Web Services improper authorization | EPSS 0.3%
CVE-2026-25127 | HIGH | OpenEMR has Broken Access Control on Care Coordination Module | EPSS 0.3%
CVE-2025-15525 | MEDIUM | Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure | EPSS 0.3%
CVE-2026-28354 | MEDIUM | ClipBucket v5 has IDOR in Collection Item Management | EPSS 0.3%
CVE-2026-53577 | MEDIUM | Kestra: Cross-Execution File Read via Preview Endpoint (IDOR) | EPSS 0.3%
CVE-2025-54838 | MEDIUM | An Incorrect Authorization vulnerability [CWE-863] in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared | EPSS 0.3%
CVE-2026-13484 | LOW | MLflow Experiment-scoped Label Schema CRUD API authorization | EPSS 0.3%
CVE-2025-30747 | MEDIUM | Vulnerability in the PeopleSoft Enterprise PeopleTools product of Oracle PeopleSoft (component: PIA Core Technology). Supported versions th | EPSS 0.3%
CVE-2026-41903 | MEDIUM | FreeScout IDOR Vulnerability: PERM_EDIT_USERS allows modifying any user's notification subscriptions (incomplete fix of CVE-2025-48472) | EPSS 0.3%
CVE-2023-50946 | MEDIUM | IBM Common Licensing information disclosure | EPSS 0.3%
CVE-2026-50266 | LOW | In OpenStack Neutron before 28.0.1, a project manager can create or update a port on a shared network owned by another project and set devic | EPSS 0.3%
CVE-2024-54495 | MEDIUM | The issue was addressed with improved permissions logic. This issue is fixed in macOS Sequoia 15.2, macOS Sonoma 14.7.2. An app may be able | EPSS 0.3%
CVE-2025-21539 | MEDIUM | Vulnerability in the PeopleSoft Enterprise FIN eSettlements product of Oracle PeopleSoft (component: eSettlements). The supported version | EPSS 0.3%
CVE-2025-65900 | MEDIUM | Kalmia CMS version 0.2.0 contains an Incorrect Access Control vulnerability in the /kal-api/auth/users API endpoint. Due to insufficient per | EPSS 0.3%
CVE-2025-24460 | MEDIUM | In JetBrains TeamCity before 2024.12.1 improper access control allowed to see Projects’ names in the agent pool | EPSS 0.3%