Weaknesses of type CWE-863
2,111 results

CVE-2026-22822 | CRITICAL | External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function | EPSS 0.2%
CVE-2026-54096 | HIGH | File Browser: Improper Access Control Occurs via Pre-Created Public Share for a Non-existent Path | EPSS 0.2%
CVE-2024-3511 | MEDIUM | Incorrect Authorization in Multiple WSO2 Products Allows Unauthorized Access to Registry Versioned Files | EPSS 0.2%
CVE-2026-42312 | MEDIUM | pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification | EPSS 0.2%
CVE-2025-24479 | HIGH | FactoryTalk® View Machine Edition - Local Code Injection | EPSS 0.2%
CVE-2026-42547 | MEDIUM | IRIS Alerts Can be Falsely Attributed to Customers | EPSS 0.2%
CVE-2026-5382 | LOW | runZero Platform MCP endpoint information leak | EPSS 0.2%
CVE-2024-47560 | HIGH | RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended | EPSS 0.2%
CVE-2026-5381 | LOW | runZero Platform task information leak | EPSS 0.2%
CVE-2026-27780 | — | Gitea pre-receive hook can miss branch-protection checks after scanner errors | EPSS 0.2%
CVE-2026-32906 | LOW | OpenClaw < 2026.5.12 - Privilege Escalation in Slack Plugin Approvals via Exec Approver Gate | EPSS 0.2%
CVE-2023-46139 | MEDIUM | KernelSU signature validation mismatch | EPSS 0.2%
CVE-2025-25251 | HIGH | An Incorrect Authorization vulnerability [CWE-863] in FortiClient Mac 7.4.0 through 7.4.2, 7.2.0 through 7.2.8, 7.0.0 through 7.0.14 may all | EPSS 0.2%
CVE-2026-3103 | MEDIUM | Deletion of passwords via RestApi | EPSS 0.2%
CVE-2025-11776 | MEDIUM | Guest user can discover archived public channels | EPSS 0.2%
CVE-2025-67490 | MEDIUM | Auth0 Next.js SDK has Improper Request Caching Lookup | EPSS 0.2%
CVE-2026-56694 | MEDIUM | NanoClaw < 2.1.0 - Privilege Escalation via Forged Channel Approval Callback | EPSS 0.2%
CVE-2026-41909 | MEDIUM | OpenClaw < 2026.4.20 - Improper Authorization in Paired-Device Pairing Actions | EPSS 0.2%
CVE-2026-53860 | LOW | OpenClaw < 2026.5.7 - Sender Policy Bypass via Mutable Conversation Identifiers in BlueBubbles | EPSS 0.2%
CVE-2026-44374 | MEDIUM | Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks | EPSS 0.2%