Weaknesses of type CWE-863

2,111 results
CVE-2025-62189 [MEDIUM] LogStare Collector contains an incorrect authorization vulnerability in UserRegistration. If exploited, a non-administrative user may create [EPSS 0.2%]
CVE-2025-10696 [HIGH] OpenSupports 4.11.0 — Insecure Direct Object Reference in supervised list [EPSS 0.2%]
CVE-2024-24966 [MEDIUM] F5OS vulnerability [EPSS 0.2%]
CVE-2024-44172 [LOW] A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Sequoia 15, macOS Sonoma 14 [EPSS 0.2%]
CVE-2026-21274 [HIGH] Dreamweaver Desktop | Incorrect Authorization (CWE-863) [EPSS 0.2%]
CVE-2025-61830 [HIGH] Adobe Pass | Incorrect Authorization (CWE-863) [EPSS 0.2%]
CVE-2025-11888 [LOW] ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update [EPSS 0.2%]
CVE-2024-44301 [MEDIUM] The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.1, macOS Sonoma 14.7.1, macOS Ventura 13.7.1. A malici [EPSS 0.2%]
CVE-2025-53922 [LOW] Galette has access control bypass [EPSS 0.2%]
CVE-2024-48544 [HIGH] Incorrect access control in the firmware update and download processes of Sylvania Smart Home v3.0.3 allows attackers to access sensitive in [EPSS 0.2%]
CVE-2024-48546 [HIGH] Incorrect access control in the firmware update and download processes of Wear Sync v1.2.0 allows attackers to access sensitive information [EPSS 0.2%]
CVE-2025-43197 [MEDIUM] This issue was addressed with additional entitlement checks. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 1 [EPSS 0.2%]
CVE-2024-40843 [MEDIUM] The issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15. An app may be able to modify protected parts of the f [EPSS 0.2%]
CVE-2024-48541 [HIGH] Incorrect access control in the firmware update and download processes of Ruochan Smart v4.4.7 allows attackers to access sensitive informat [EPSS 0.2%]
CVE-2026-45081 [MEDIUM] Frappe HR: Permission Bypass in HRMS Leave Details API [EPSS 0.2%]
CVE-2026-9808 [HIGH] An authorization bypass vulnerability exists in the Mautic 7 API v2 endpoints (utilizing API Platform). Under certain conditions, roles conf [EPSS 0.2%]
CVE-2026-58424 [HIGH] Permanent Fork PR Workflow Approval Gate Bypass [EPSS 0.2%]
CVE-2026-10211 [MEDIUM] AstrBotDevs AstrBot fs.py _normalize_rw_path authorization [EPSS 0.2%]
CVE-2025-27715 [LOW] Auto-Enrollment of Team Admins into Private Channels without explicit consent [EPSS 0.2%]
CVE-2026-55189 [HIGH] RustFS: FTP frontend skips IAM authorization on object reads [EPSS 0.2%]