CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,318 vulnerabilities with CWE-285
CVE-2026-2107 MEDIUM
yeqifu warehouse - Improper Authorization in Log Info Handler
CVSS 6.3
CVE-2026-2106 MEDIUM
yeqifu warehouse - Incorrect Privilege Assignment in Notice Management
CVSS 6.3
CVE-2026-2105 MEDIUM
yeqifu warehouse - Incorrect Privilege Assignment in Department Management
CVSS 6.3
CVE-2026-2079 MEDIUM
yeqifu warehouse - Incorrect Privilege Assignment in Menu Management
CVSS 6.3
CVE-2026-2078 MEDIUM
yeqifu warehouse - Incorrect Privilege Assignment in Permission Management
CVSS 6.3
CVE-2026-2077 MEDIUM
yeqifu warehouse - Incorrect Privilege Assignment in Role Management Handler
CVSS 6.3
CVE-2026-2076 MEDIUM
yeqifu warehouse < 2025-10-06 - Improper Authorization in User Management Endpoint
CVSS 6.3
CVE-2026-25724 HIGH
Claude Code <2.1.7 - Info Disclosure
CVSS 7.5
CVE-2026-2015 MEDIUM
Portabilis i-Educar <2.10 - Privilege Escalation
CVSS 6.3
CVE-2026-2010 MEDIUM
Sanluan PublicCMS <4.0-6.202506.d - Privilege Escalation
CVSS 4.2
CVE-2026-23623 MEDIUM
Collabora Online <25.04.08.2, <23.05.20.1, <24.04.17.3, <25.04.7.5 ...
CVSS 5.3
CVE-2026-1894 MEDIUM
Wekan < 8.21 - Improper Authorization via REST API Checklist Items Manipulation
CVSS 6.3
CVE-2026-1892 MEDIUM
Wekan < 8.21 - Improper Authorization via setBoardOrgs Function
CVSS 5.0
CVE-2026-1733 MEDIUM
crmeb < 5.6.3 - Improper Authorization via Order ID Manipulation
CVSS 4.3
CVE-2026-1702 MEDIUM
Pet Grooming Management Software 1.0 - Incorrect Privilege Assignment in User Management
CVSS 6.3
CVE-2026-1597 MEDIUM
Bdtask SalesERP <20260116 - Auth Bypass
CVSS 6.3
CVE-2026-1550 MEDIUM
PHPGurukul Hospital Management System 1.0 - Incorrect Privilege Assignment in Admin Dashboard Page
CVSS 6.3
CVE-2026-24835 HIGH
Podman Desktop <1.25.1 - Auth Bypass
CVSS 7.1
CVE-2026-24305 CRITICAL
Azure Entra ID < - Privilege Escalation
CVSS 9.3
CVE-2026-22022 HIGH
Apache Solr 5.3.0-9.10.0 - Improper Authorization in RuleBasedAuthorizationPlugin
CVSS 8.2
CVE-2026-21641 MEDIUM
Revive Adserver < 6.0.4 - Improper Authorization in Tracker Deletion
CVSS 6.5
CVE-2026-1193 MEDIUM
MineAdmin 1.x/2.x - Improper Authorization in View Interface
CVSS 6.3
CVE-2026-1141 MEDIUM
PHPGurukul News Portal 1.0 - Incorrect Privilege Assignment in Add Sub-Admin Page
CVSS 6.3
CVE-2026-1112 MEDIUM
PublicCMS < 5.202506.d - Improper Authorization via Trade Address Deletion Endpoint
CVSS 5.4
CVE-2026-1106 MEDIUM
Chamilo LMS <2.0.0 Beta 1 - Auth Bypass
CVSS 5.4
Details
Vulnerabilities 1,318
Exploit Likelihood High
Links
MITRE CWE Entry Search this CWE With Exploits