CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,213 vulnerabilities with CWE-285
CVE-2026-7510 MEDIUM
OWASP DefectDojo Benchmark/Engagement/Product/Survey authorization
CVSS 6.3
CVE-2026-7505 HIGH
nextlevelbuilder GoClaw/GoClaw Lite RPC improper authorization
CVSS 7.3
CVE-2026-7502 MEDIUM
LinkStackOrg LinkStack Management Endpoint UserController.php saveLink authorization
CVSS 5.4
CVE-2026-2892 HIGH
Otter Blocks <= 3.1.4 - Improper Authorization to Unauthenticated Purchase Verification Bypass via Forged Cookie
CVSS 7.5
CVE-2026-7292 MEDIUM
o2oa NodeAgent NodeAgent.java syncFile improper authorization
CVSS 5.6
CVE-2026-5781 HIGH
Multiple vulnerabilities in MphRx's Minerva
CVE-2026-7145 MEDIUM
mettle sendportal Invitation WorkspaceInvitationsController.php destroy authorization
CVSS 5.4
CVE-2026-7144 MEDIUM
1000 Projects Portfolio Management System MCA update_passwd_process.php authorization
CVSS 4.3
CVE-2026-7142 MEDIUM
Wooey API Endpoint scripts.py add_or_update_script improper authorization
CVSS 6.3
CVE-2026-7109 MEDIUM
code-projects Invoice System in Laravel API Endpoint item improper authorization
CVSS 5.3
CVE-2026-7093 MEDIUM
code-projects Invoice System in Laravel Invoice Endpoint invoice improper authorization
CVSS 6.3
CVE-2026-7092 MEDIUM
code-projects Invoice System in Laravel Profile profile improper authorization
CVSS 6.3
CVE-2026-7091 MEDIUM
code-projects Invoice System in Laravel User Management user improper authorization
CVSS 6.3
CVE-2026-6977 HIGH
vanna-ai vanna Legacy Flask API improper authorization
CVSS 7.3
CVE-2026-34321 MEDIUM
Oracle Financial Services Analytical Applications Infrastructure 8.0.7.9 - RCE
CVSS 4.8
CVE-2026-34320 HIGH
Oracle Financial Services Customer Screening 8.1.2.8.0 - Info Disclosure
CVSS 7.5
CVE-2026-34315 MEDIUM
Oracle WebLogic Server 12.2.1.4.0 - RCE
CVSS 6.5
CVE-2026-6634 MEDIUM
usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization
CVSS 6.3
CVE-2026-6614 MEDIUM
TransformerOptimus SuperAGI project.py get_projects_organisation authorization
CVSS 6.3
CVE-2026-6613 MEDIUM
TransformerOptimus SuperAGI agent.py get_schedule_data authorization
CVSS 6.3
CVE-2026-6612 MEDIUM
TransformerOptimus SuperAGI Agent Execution Endpoint agent_execution.py update_agent_execution authorization
CVSS 6.3
CVE-2026-6609 MEDIUM
liangliangyy DjangoBlog views.py form_valid improper authorization
CVSS 6.3
CVE-2026-6586 MEDIUM
TransformerOptimus SuperAGI Budget Endpoint budget.py update_budget authorization
CVSS 6.3
CVE-2026-6585 MEDIUM
TransformerOptimus SuperAGI Organisation Update Endpoint organisation.py update_organisation authorization
CVSS 5.4
CVE-2026-6584 MEDIUM
TransformerOptimus SuperAGI User Update Endpoint user.py update_user authorization
CVSS 5.4