The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1,318 vulnerabilities with CWE-285
CVE-2026-12213
MEDIUM
hcengineering Huly Platform User Information operations.ts getAccountInfo improper authorization
CVSS 4.3
CVE-2026-12204
HIGH
ShopXO Scheduled Task Endpoint Crontab.php GoodsGiveIntegral authorization
CVSS 7.3
CVE-2026-12190
MEDIUM
Genspark AI Workspace App ai.mainfunc.genspark improper authorization in handler for custom url scheme
CVSS 5.3
CVE-2026-12189
MEDIUM
Moovit Bus & Public Transit App com.tranzmate improper authorization in handler for custom url scheme
CVSS 5.3
CVE-2026-49397
MEDIUM
Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data
CVSS 5.3
CVE-2026-44208
MEDIUM
Frappe: IDOR in `submit_discussion()`
CVE-2026-12065
LOW
Groww Stock, Mutual Fund, Gold App WebView URL improper authorization in handler for custom url scheme
CVSS 1.8
CVE-2026-47342
HIGH
Apache OFBiz: Privilege Escalation via updateOrRemove Authorization Bypass
CVSS 8.8
CVE-2026-46668
LOW
SpiceDB: Caveat structures with nested lists can result in improper cache reuse
CVE-2026-47298
HIGH
Microsoft SharePoint Server Remote Code Execution Vulnerability
CVSS 8.0
CVE-2026-45503
HIGH
Microsoft Exchange Server Information Disclosure Vulnerability
CVSS 8.1
CVE-2026-45490
HIGH
Microsoft .NET - Local Privilege Escalation
CVSS 7.8
CVE-2026-42902
HIGH
Microsoft PowerToys Elevation of Privilege Vulnerability
CVSS 7.8
CVE-2026-11619
MEDIUM
Dolibarr ERP CRM Legacy Filemanager config.inc.php improper authorization
CVSS 6.3
CVE-2026-46484
HIGH
Headplane renameNode - Authenticated Path Traversal and RBAC Bypass
CVSS 8.1
CVE-2026-11533
MEDIUM
imvks786 student_management_system Student Deletion Endpoint see.php improper authorization
CVSS 5.4
CVE-2026-46656
HIGH
Bludit CMS has improper authorization and mediation failure leading to persistent ghost sessions
CVSS 8.8
CVE-2026-11521
MEDIUM
Mohammed-eid35 bank-management-system-springboot Transaction Endpoint TransactionController.java improper authorization
CVSS 6.3
CVE-2026-11519
MEDIUM
SourceCodester Inventory System Account Creation users_handler.php improper authorization
CVSS 6.3
CVE-2026-11500
MEDIUM
Weaviate Static API Key client.go validateConfig authorization
CVSS 5.0
CVE-2026-11476
MEDIUM
Kushan2k student-management-system Profile Update Endpoint AdminController.php edit-admin improper authorization
CVSS 6.3
CVE-2026-11462
HIGH
Chengdu Everbrite Network Technology BeikeShop Stripe Plugin StripeController.php callback improper authorization
CVSS 7.3
CVE-2026-11461
MEDIUM
NousResearch hermes-agent resume Endpoint hermes_state.py resolve_session_by_title authorization
CVSS 6.3
CVE-2026-11441
MEDIUM
theonedev Pull Request issues canAccessIssue improper authorization
CVSS 6.3
CVE-2026-11440
MEDIUM
theonedev REST API default-branch improper authorization
CVSS 6.3
Details
Vulnerabilities: 1,318
Exploit Likelihood: High