Weaknesses of type CWE-863

2,111 results
| CVE | Severity | Description | EPSS |
|---|---|---|---|
| CVE-2024-44247 | MEDIUM | The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malici | 0.2% |
| CVE-2026-33424 | MEDIUM | PM access granted through invites after access revocation | 0.2% |
| CVE-2025-15023 | HIGH | Improper Access Control in Yordam Informatics' Library Automation System | 0.2% |
| CVE-2026-48776 | MEDIUM | LangGraph SDK has unsafe URL path construction | 0.2% |
| CVE-2024-2378 | HIGH | A vulnerability exists in the web-authentication component of the SDM600. If exploited an attacker could escalate privileges on affected in | 0.2% |
| CVE-2025-68660 | MEDIUM | Discourse AI Discover's continue conversation allows threat actor to impersonate user | 0.2% |
| CVE-2025-43230 | MEDIUM | The issue was addressed with additional permissions checks. This issue is fixed in iOS 18.6 and iPadOS 18.6, iPadOS 17.7.9, macOS Sequoia 15 | 0.2% |
| CVE-2026-31805 | MEDIUM | Discourse has a poll authorization bypass via post_id array parameter | 0.2% |
| CVE-2026-47195 | HIGH | Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands. | 0.2% |
| CVE-2026-54320 | HIGH | Daytona: Cross-tenant organization takeover via invitation acceptance with an unverified email | 0.2% |
| CVE-2025-46744 | LOW | Improper Privilege Management | 0.2% |
| CVE-2025-40669 | HIGH | Incorrect Authorization vulnerability in TCMAN GIM | 0.2% |
| CVE-2026-39331 | HIGH | ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families | 0.2% |
| CVE-2026-33015 | MEDIUM | EVerest has RemoteStop Bypass via BCB Toggle Session Restart | 0.2% |
| CVE-2026-40155 | MEDIUM | Auth0 Next.js SDK has Improper Proxy Cache Lookup | 0.2% |
| CVE-2025-69414 | HIGH | Plex Media Server (PMS) through 1.42.2.10156 allows retrieval of a permanent access token via a /myplex/account call with a transient access | 0.2% |
| CVE-2026-9791 | MEDIUM | Keycloak-rhel9: organization data leak after feature disabled in keycloak | 0.2% |
| CVE-2026-31838 | MEDIUM | Istio HTTP debug endpoints on port 15014 to enforce namespace-based authorization, preventing cross-namespace proxy data access. | 0.2% |
| CVE-2026-31801 | HIGH | zot create-only policy allows overwrite attempts of existing latest tag (update permission not required) | 0.2% |
| CVE-2026-41427 | HIGH | Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients | 0.2% |