CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,318 vulnerabilities with CWE-285
CVE-2025-11227 MEDIUM
GiveWP - Donation Plugin - Info Disclosure
CVSS 6.5
CVE-2025-59686 MEDIUM
Kazaar 1.25.12 - Improper Authorization via Order ID Manipulation
CVSS 6.5
CVE-2025-11080 MEDIUM
zhuimengshaonian wisdom-education <1.0.4 - Auth Bypass
CVSS 4.3
CVE-2025-11050 MEDIUM
Portabilis i-Educar <2.10 - Privilege Escalation
CVSS 6.3
CVE-2025-11049 MEDIUM
Portabilis i-Educar <2.10 - Auth Bypass
CVSS 6.3
CVE-2025-11048 MEDIUM
Portabilis i-Educar <2.10 - Info Disclosure
CVSS 6.3
CVE-2025-11047 MEDIUM
Portabilis i-Educar <2.10 - Auth Bypass
CVSS 6.3
CVE-2025-11030 HIGH
Tutorials-Website Employee Management System <611887d8f8375271ce8ab...
CVSS 7.3
CVE-2025-10992 MEDIUM
roncoo-pay <9428382af21cd5568319eae7429b7e1d0332ff40 - Auth Bypass
CVSS 5.3
CVE-2025-10989 MEDIUM
RuoYi < 4.8.1 - Improper Authorization via /system/role/authUser/selectAll userIds Parameter
CVSS 6.3
CVE-2025-10988 MEDIUM
YunaiV ruoyi-vue-pro <2025.09 - Auth Bypass
CVSS 6.3
CVE-2025-10987 MEDIUM
YunaiV yudao-cloud <2025.09 - Auth Bypass
CVSS 6.3
CVE-2025-10981 MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization via /sys/tenant/exportXls
CVSS 4.3
CVE-2025-10980 MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization via /sys/position/exportXls
CVSS 4.3
CVE-2025-10979 MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization via /sys/role/exportXls
CVSS 4.3
CVE-2025-10978 MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization in Filter Handler
CVSS 4.3
CVE-2025-10977 LOW
JeecgBoot < 3.8.2 - Improper Authorization via /sys/tenant/deleteBatch ids Parameter
CVSS 3.1
CVE-2025-10976 LOW
JeecgBoot < 3.8.2 - Improper Authorization via DepartId Parameter
CVSS 3.1
CVE-2025-10947 MEDIUM
Sistemas Pleno Gestão de Locação <2025.7.x - Auth Bypass
CVSS 5.3
CVE-2025-59305 HIGH
Langfuse 3.1-3.108.0 - Authenticated Improper Authorization via TRPC Background Migration Endpoints
CVSS 7.6
CVE-2025-10822 MEDIUM
fuyang_lipengjun platform 1.0 - Improper Authorization in SysSmsLogController
CVSS 4.3
CVE-2025-10821 MEDIUM
fuyang_lipengjun platform 1.0 - Improper Authorization in TopicCategoryController
CVSS 4.3
CVE-2025-10820 MEDIUM
fuyang_lipengjun platform 1.0 - Incorrect Privilege Assignment in TopicController
CVSS 4.3
CVE-2025-10819 MEDIUM
fuyang_lipengjun platform 1.0 - Improper Authorization in UserCouponController
CVSS 4.3
CVE-2025-57438 MEDIUM
2wcom IP-4c 2.15.5 - Broken Access Control via Request Manipulation
CVSS 6.8