CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,318 vulnerabilities with CWE-285
CVE-2026-20960 HIGH
Microsoft Power Apps - Code Injection
CVSS 8.0
CVE-2026-22252 CRITICAL
LibreChat < 0.8.2-rc2 - Authenticated Remote Code Execution via MCP Stdio Transport
CVSS 9.1
CVE-2026-22042 HIGH
RustFS < 1.0.0-alpha.79 - Unauthorized IAM Import via Incorrect Action Validation
CVSS 8.8
CVE-2026-0574 MEDIUM
yeqifu warehouse <aaf29962ba407d22d991781de28796ee7b4670e4 - Privil...
CVSS 6.3
CVE-2025-68712 MEDIUM
SpSoft AppLock 7.9.40 - Authentication Bypass via Insecure Interface Navigation
CVSS 5.5
CVE-2025-43289 MEDIUM
macOS < 14.8, < 15.7, < 26 - Unprotected User Data Exposure via Logic Issue
CVSS 5.5
CVE-2025-9988 MEDIUM
Broadstreet <= 1.53.1 - Missing Authorization to Authenticated (Subscriber+) Advertiser Creation
CVSS 4.3
CVE-2025-67259 MEDIUM
ClassroomIO 0.1.13 - Broken Access Control
CVSS 6.5
CVE-2025-10731 MEDIUM
ReviewX – WooCommerce Product Reviews with Multi-Criteria, Reminder Emails, Google Reviews, Schema & More <= 2.2.12 - Unauthenticated Sensitive Information Exposure to Data Export
CVSS 5.3
CVE-2025-10736 MEDIUM
ReviewX <= 2.2.10 - Unauthenticated Data Access via userAccessibility()
CVSS 6.5
CVE-2025-15582 MEDIUM
detronetdip E-commerce 1.0.0 - Auth Bypass
CVSS 5.4
CVE-2025-71242 MEDIUM
SPIP <4.3.6/4.2.17/4.1.20 - Info Disclosure
CVSS 6.5
CVE-2025-4521 HIGH
IDonate WordPress Plugin 2.1.5-2.1.9 - Privilege Escalation
CVSS 8.8
CVE-2025-43403 MEDIUM
macOS <15.7.4/<14.8.4 - Info Disclosure
CVSS 5.5
CVE-2025-30508 MEDIUM
Intel(R) Quick Assist Technology - DoS
CVSS 6.5
CVE-2025-59100 MEDIUM
SQLite Database Export - Info Disclosure
CVE-2025-14348 MEDIUM
weMail < 2.0.7 - Unauthenticated Authorization Bypass via x-wemail-user Header
CVSS 5.3
CVE-2025-67603 MEDIUM
Foomuuri < 0.31 - Improper Authorization
CVE-2025-12958 LOW
Rankology SEO & Analytics Tool <2.0 - Info Disclosure
CVSS 2.7
CVE-2025-9294 MEDIUM
Quiz and Survey Master (QSM) <= 10.3.1 - Authenticated Unauthorized Data Deletion via qsm_dashboard_delete_result
CVSS 4.3
CVE-2025-61781 HIGH
OpenCTI < 6.8.1 - Unauthenticated Authorization Bypass via WorkspacePopoverDeletionMutation
CVSS 7.1
CVE-2025-15213 MEDIUM
Student File Management System 1.0 - Improper Authorization via File Download Handler
CVSS 4.3
CVE-2025-15126 LOW
JeecgBoot < 3.9.0 - Improper Authorization via PositionId Argument in getPositionUserList
CVSS 3.1
CVE-2025-15125 LOW
JeecgBoot < 3.9.0 - Improper Authorization via departId Parameter in queryDepartPermission
CVSS 3.1
CVE-2025-15124 LOW
JeecgBoot < 3.9.0 - Improper Authorization via departId Parameter in sysDepartPermission
CVSS 3.1