The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1,318 vulnerabilities with CWE-285
CVE-2025-15123 | LOW | CVSS 3.1 | JeecgBoot < 3.9.0 - Improper Authorization via /sys/sysDepartPermission/datarule/
CVE-2025-15122 | LOW | CVSS 3.1 | JeecgBoot < 3.9.0 - Improper Authorization via DepartId/RoleId Manipulation
CVE-2025-15120 | LOW | CVSS 3.1 | JeecgBoot < 3.9.0 - Improper Authorization via getDeptRoleList departId Parameter
CVE-2025-15119 | LOW | CVSS 3.1 | JeecgBoot < 3.9.0 - Improper Authorization in sys/sysDepartRole/list deptId Parameter
CVE-2025-15118 | MEDIUM | CVSS 4.3 | macrozheng mall < 1.0.3 - Improper Authorization in Member Address Update Endpoint
CVE-2025-15106 | MEDIUM | CVSS 6.3 | maxun < 0.0.28 - Improper Authorization via Authentication Endpoint
CVE-2025-15087 | MEDIUM | CVSS 4.3 | youlai-mall 1.0.0/2.0.0 - Improper Authorization via OrderController submitOrderPayment
CVE-2025-15085 | MEDIUM | CVSS 4.3 | youlai-mall 1.0.0/2.0.0 - Incorrect Privilege Assignment in Balance Handler
CVE-2025-68481 | MEDIUM | CVSS 5.9 | fastapi-users < 15.0.2 - Login Cross-Site Request Forgery via OAuth State Token
CVE-2025-14546 | MEDIUM | CVSS 6.3 | fastapi-sso < 0.19.0 - Cross-Site Request Forgery via OAuth State Parameter
CVE-2025-65041 | CRITICAL | CVSS 10.0 | Microsoft Partner Center - Unauthenticated Privilege Escalation
CVE-2025-14889 | MEDIUM | CVSS 5.4 | Campcodes Advanced Voting Management System 1.0 - Incorrect Privilege Assignment in Password Handler
CVE-2025-46296 | MEDIUM | CVSS 5.4 | FileMaker Server <22.0.4 - Auth Bypass
CVE-2025-67715 | MEDIUM | CVSS 4.3 | Weblate < 5.15 - Unauthenticated User Information Disclosure via API
CVE-2025-65782 | MEDIUM | CVSS 6.5 | Wekan <18.15 - Privilege Escalation
CVE-2025-46289 | MEDIUM | CVSS 5.5 | macOS <26.2-15.7.3-14.8.3 - Info Disclosure
CVE-2025-40830 | MEDIUM | CVSS 6.7 | SINEC Security Monitor < 4.10.0 - Authenticated Arbitrary File Read and Write via ssmctl-client File Transfer
CVE-2025-14206 | MEDIUM | CVSS 6.5 | SourceCodester Online Student Clearance System 1.0 - Auth Bypass
CVE-2025-12720 | MEDIUM | CVSS 5.3 | g-FFL Cockpit plugin <1.7.1 - Info Disclosure
CVE-2025-12505 | MEDIUM | CVSS 5.4 | weDocs < 2.1.14 - Authenticated Unauthorized Settings Modification via create_item_permissions_check
CVE-2025-14089 | MEDIUM | CVSS 6.3 | Himool ERP <2.2 - Privilege Escalation
CVE-2025-14088 | MEDIUM | CVSS 6.3 | ketr JEPaaS <= 7.2.8 - Improper Authorization via /je/load Authorization Parameter
CVE-2025-14016 | MEDIUM | CVSS 5.4 | macrozheng mall-swarm < 1.0.3 - Improper Authorization via /member/readHistory/delete ids Parameter
CVE-2025-58386 | CRITICAL | CVSS 9.8 | Terminalfour 8-8.4.1.1 - Privilege Escalation
CVE-2025-66301 | CRITICAL | CVSS 9.6 | Grav CMS Twig SSTI Authenticated Sandbox Bypass RCE
Details
Vulnerabilities: 1,318
Exploit Likelihood: High