Weaknesses of type CWE-863

2,102 results
CVE-2025-64490 | HIGH | SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass | EPSS 0.2%
CVE-2026-6863 | MEDIUM | HTTP Filestore Endpoints Misapply Permissions Across Organizations | EPSS 0.2%
CVE-2025-14352 | MEDIUM | Awesome Hotel Booking <= 1.0.3 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification | EPSS 0.2%
CVE-2025-54596 | MEDIUM | Abnormal Security /v1.0/rbac/users_v2/{USER_ID}/ before 2025-02-19 allows downgrading the privileges of other user accounts. | EPSS 0.2%
CVE-2020-35501 | A flaw was found in the Linux kernel's implementation of audit rules, where a syscall can unexpectedly not be correctly not be logged by the | EPSS 0.2%
CVE-2026-3553 | LOW | Incorrect Authorization in GitLab | EPSS 0.2%
CVE-2024-23250 | MEDIUM | An access issue was addressed with improved access restrictions. This issue is fixed in iOS 17.4 and iPadOS 17.4, macOS Sonoma 14.4, tvOS 17 | EPSS 0.2%
CVE-2023-30840 | MEDIUM | On a compromised node, the fluid-csi service account can be used to modify node specs | EPSS 0.2%
CVE-2024-54010 | LOW | Unauthenticated Traffic Handling Flaw Allows Packet Leakage on HPE Aruba Networking CX 10000 series switches | EPSS 0.2%
CVE-2026-42438 | MEDIUM | OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads | EPSS 0.2%
CVE-2024-55592 | LOW | An incorrect authorization vulnerability [CWE-863] in FortiSIEM 7.2 all versions, 7.1 all versions, 7.0 all versions, 6.7 all versions, 6.6 | EPSS 0.2%
CVE-2026-1497 | LOW | Incorrect privilege assignment in composite databases | EPSS 0.2%
CVE-2025-24869 | MEDIUM | Information Disclosure vulnerability in SAP NetWeaver Application Server Java | EPSS 0.2%
CVE-2025-3880 | MEDIUM | Poll, Survey & Quiz Maker Plugin by Opinion Stage <= 19.9.0 - Incorrect Authorization to Authenticated (Contributor+) Plugin Settings Update | EPSS 0.2%
CVE-2026-1999 | HIGH | Incorrect Authorization vulnerability was identified in GitHub Enterprise Server that allowed unauthorized merging of pull requests | EPSS 0.2%
CVE-2024-57969 | MEDIUM | app/Model/Attribute.php in MISP before 2.4.198 ignores an ACL during a GUI attribute search. | EPSS 0.2%
CVE-2026-48089 | HIGH | DevGuard has improper authorization on public assets | EPSS 0.2%
CVE-2023-34147 | An exposed dangerous function vulnerability in the Trend Micro Apex One and Apex One as a Service security agent could allow a local attacke | EPSS 0.2%
CVE-2023-3586 | MEDIUM | Disabling publicly-shared boards does not disable existing publicly available board links | EPSS 0.2%
CVE-2026-53905 | MEDIUM | Unauthorized Access to Administrator ACL View in MCO | EPSS 0.2%