CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,318 vulnerabilities with CWE-285
CVE-2025-11879 MEDIUM
GenerateBlocks <2.1.1 - Info Disclosure
CVSS 6.5
CVE-2025-11244 LOW
Password Protected <2.7.11 - Auth Bypass
CVSS 3.7
CVE-2025-10902 MEDIUM
Originality.ai AI Checker <1.0.12 - Info Disclosure
CVSS 4.3
CVE-2025-62401 MEDIUM
Moodle 4.1.0-4.1.20 and 5.0.0-beta-5.0.2 - Improper Authorization in Timed Assignment Feature
CVSS 5.4
CVE-2025-62610 HIGH
Hono 1.1.0-4.10.1 - Improper Authorization via JWT Audience Claim Mismatch
CVSS 8.1
CVE-2025-22177 MEDIUM
Jira Align 11.14.0-11.16.0 - Improper Authorization
CVSS 4.3
CVE-2025-22176 MEDIUM
Jira Align 11.14.0-11.16.0 - Improper Authorization
CVSS 4.3
CVE-2025-22175 MEDIUM
Jira Align 11.14.0-11.16.0 - Improper Authorization via Private Checklist Endpoint
CVSS 5.4
CVE-2025-22174 MEDIUM
Jira Align 11.14.0-11.16.0 - Improper Authorization
CVSS 4.3
CVE-2025-22173 MEDIUM
Jira Align 11.14.0-11.16.0 - Improper Authorization
CVSS 4.3
CVE-2025-22172 MEDIUM
Jira Align 11.14.0-11.16.0 - Improper Authorization via Endpoint Access
CVSS 4.3
CVE-2025-22171 MEDIUM
Jira Align 11.14.0-11.16.0 - Improper Authorization in Private Checklist Modification
CVSS 4.3
CVE-2025-22170 MEDIUM
Jira Align 11.14.0-11.16.0 - Improper Authorization via State Parameter
CVSS 4.3
CVE-2025-22169 MEDIUM
Jira Align 11.14.0-11.16.0 - Improper Authorization via Endpoint Access
CVSS 5.4
CVE-2025-22168 MEDIUM
Jira Align 11.14.0-11.16.0 - Improper Authorization via Private Checklist Endpoint
CVSS 4.3
CVE-2025-53056 MEDIUM
Oracle JD Edwards EnterpriseOne Tools 9.2.0.0-9.2.9.4 - Unauthenticated Improper Authorization via HTTP
CVSS 6.1
CVE-2025-11256 MEDIUM
Kognetiks Chatbot <2.3.5 - Info Disclosure
CVSS 5.3
CVE-2025-11510 MEDIUM
FileBird - WordPress Media Library Folders & File Manager <6.4.9 - ...
CVSS 4.3
CVE-2025-54822 MEDIUM
FortiOS 7.0.0-7.4.1 and FortiProxy 2.0.0-7.4.8 - Authenticated Improper Authorization via Crafted HTTP/HTTPS Requests
CVSS 4.3
CVE-2025-61928 CRITICAL
better-auth < 1.3.26 - Unauthenticated API Key Creation and Modification via User ID Injection
CVE-2025-59271 HIGH
Azure Cache for Redis - Improper Authorization
CVSS 8.7
CVE-2025-61524 HIGH
Casdoor < 2.63.0 - Authenticated Permission Bypass via URL Concatenation
CVSS 7.2
CVE-2025-49594 CRITICAL
XWiki OIDC 2.17.1-2.18.1 - Improper Authorization via User Profile Token Creation
CVE-2025-11321 MEDIUM
zhuimengshaonian wisdom-education <1.0.4 - Auth Bypass
CVSS 4.3
CVE-2025-11272 MEDIUM
SeriaWei ZKEACMS <4.3 - Auth Bypass
CVSS 5.4