The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1,318 vulnerabilities with CWE-285
CVE-2025-10759
MEDIUM
Webkul QloApps < 1.7.0 - Authorization Bypass via CSRF Token Manipulation
CVSS 5.3
CVE-2025-8532
MEDIUM
Bimser Solution Software Trade Inc. EBA Document and Workflow Manag...
CVSS 6.4
CVE-2025-10707
MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization via /message/sysMessageTemplate/sendMsg
CVSS 6.3
CVE-2025-10676
MEDIUM
fuyang_lipengjun platform 1.0 - Incorrect Privilege Assignment in BrandController
CVSS 4.3
CVE-2025-10675
MEDIUM
fuyang_lipengjun platform 1.0 - Incorrect Privilege Assignment in AttributeController
CVSS 4.3
CVE-2025-10674
MEDIUM
fuyang_lipengjun platform 1.0 - Improper Authorization in AttributeCategoryController
CVSS 4.3
CVE-2025-8057
MEDIUM
Patika Global Technologies HumanSuite <53.21.0 - Auth Bypass
CVSS 6.5
CVE-2025-41249
HIGH
Spring Framework 5.3.0-5.3.44, 6.1.0-6.1.22, 6.2.0-6.2.10 - Improper Authorization via Annotation Detection Mechanism
CVSS 7.5
CVE-2025-43231
MEDIUM
macOS Sonoma <14.8 - Info Disclosure
CVSS 5.5
CVE-2025-31255
CRITICAL
iPadOS < 26.0 - Improper Authorization
CVSS 9.8
CVE-2025-10422
MEDIUM
newbee-mall < 2023-10-09 - Improper Authorization via Order Status Handler
CVSS 4.3
CVE-2025-10390
MEDIUM
crmeb < 5.6.1 - Improper Authorization via UserAddressServices editAddress Function
CVSS 5.4
CVE-2025-10389
MEDIUM
crmeb < 5.6.1 - Incorrect Privilege Assignment in Administrator Password Handler
CVSS 5.4
CVE-2025-10384
MEDIUM
RuoYi < 4.8.1 - Improper Authorization via Role Handler
CVSS 5.4
CVE-2025-10374
HIGH
Shenzhen Sixun Business Management System 7/11 - Auth Bypass
CVSS 7.3
CVE-2025-10319
MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization in Tenant Log Export
CVSS 4.3
CVE-2025-10318
MEDIUM
JeecgBoot < 3.8.2 - Improper Authorization via WebSocket Message Handler
CVSS 6.3
CVE-2025-10291
MEDIUM
linlinjava litemall < 1.8.0 - Improper Authorization via WxAftersaleController ID Parameter
CVSS 6.3
CVE-2025-10278
MEDIUM
ruoyi-vue-pro < 2025.09 - Improper Authorization via /crm/contact/transfer ids Parameter
CVSS 6.3
CVE-2025-10277
MEDIUM
yudao-cloud < 2025.09 - Improper Authorization via /crm/receivable/submit ID Parameter
CVSS 6.3
CVE-2025-10276
MEDIUM
ruoyi-vue-pro < 2025.09 - Improper Authorization via /crm/contract/transfer id/newOwnerUserId
CVSS 6.3
CVE-2025-10275
MEDIUM
yudao-cloud < 2025.09 - Improper Authorization via /crm/business/transfer ids/newOwnerUserId Manipulation
CVSS 6.3
CVE-2025-6088
LOW
danny-avila/librechat <0.7.8 - Info Disclosure
CVSS 3.1
CVE-2025-10209
MEDIUM
Papermerge DMS <3.5.3 - Auth Bypass
CVSS 5.4
CVE-2025-10086
MEDIUM
fuyang_lipengjun platform 1.0.0 - Incorrect Privilege Assignment in AdPositionController
CVSS 6.3
Details
Vulnerabilities: 1,318
Exploit Likelihood: High