Weaknesses of type CWE-863
2,110 results

CVE-2026-54398 | MEDIUM | MISP object edit authorization bypass allows unauthorized sharing group assignment | EPSS 0.2%
CVE-2025-27089 | MEDIUM | Overlapping policies allow update to non-allowed fields in directus | EPSS 0.2%
CVE-2025-62243 | MEDIUM | Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 t | EPSS 0.2%
CVE-2026-44564 | MEDIUM | Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO | EPSS 0.2%
CVE-2026-33551 | LOW | An issue was discovered in OpenStack Keystone 14 through 26 before 26.1.1, 27.0.0, 28.0.0, and 29.0.0. Restricted application credentials ca | EPSS 0.2%
CVE-2025-24920 | MEDIUM | Unauthorized Bookmark Creation and Modification in Archived Channels | EPSS 0.2%
CVE-2026-40071 | MEDIUM | pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions | EPSS 0.2%
CVE-2025-27571 | MEDIUM | Channel metadata visible in archived channels despite configuration setting | EPSS 0.2%
CVE-2025-24121 | LOW | A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventura 13.7.3. An a | EPSS 0.2%
CVE-2026-45316 | LOW | Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access) | EPSS 0.2%
CVE-2025-24114 | MEDIUM | A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.3, macOS Sonoma 14.7.3, macOS Ventur | EPSS 0.2%
CVE-2025-66378 | MEDIUM | Pexip Infinity 38.0 and 38.1 before 39.0 has insufficient access control in the RTMP implementation, allowing an attacker to disconnect RTMP | EPSS 0.2%
CVE-2026-4265 | MEDIUM | Guest user can upload files without permission across teams | EPSS 0.2%
CVE-2025-43904 | MEDIUM | In SchedMD Slurm before 24.11.5, 24.05.8, and 23.11.11, the accounting system can allow a Coordinator to promote a user to Administrator. | EPSS 0.2%
CVE-2026-33424 | MEDIUM | PM access granted through invites after access revocation | EPSS 0.2%
CVE-2024-44247 | MEDIUM | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malici | EPSS 0.2%
CVE-2024-2378 | HIGH | A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on affected in | EPSS 0.2%
CVE-2025-68660 | MEDIUM | Discourse AI Discover's continue conversation allows threat actor to impersonate user | EPSS 0.2%
CVE-2025-43230 | MEDIUM | The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15 | EPSS 0.2%
CVE-2026-48776 | MEDIUM | LangGraph SDK has unsafe URL path construction | EPSS 0.2%