The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
1,318 vulnerabilities with CWE-285
CVE-2026-11439
MEDIUM
theonedev Parent Project projects improper authorization
CVSS 6.3
CVE-2026-11438
MEDIUM
theonedev projects improper authorization
CVSS 6.3
CVE-2026-10580
CRITICAL
Hippoo Mobile App for WooCommerce <= 1.9.4 - Unauthenticated Authentication Bypass to Administrator Account Takeover via REST API
CVSS 9.8
CVE-2026-11336
MEDIUM
tittuvarghese CollegeManagementSystem Admin admin_page.php improper authorization
CVSS 6.3
CVE-2026-10876
MEDIUM
SourceCodester Ship Ferry Ticket Reservation System admin improper authorization
CVSS 6.3
CVE-2026-48579
CRITICAL
Microsoft Exchange Online Information Disclosure Vulnerability
CVSS 9.1
CVE-2026-41522
HIGH
DFIR-IRIS < 2.4.28 - GraphQL Authorization Bypass
CVE-2026-10693
MEDIUM
SourceCodester Online Boat Reservation System Administrative Endpoint improper authorization
CVSS 6.3
CVE-2026-33398
HIGH
Authenticated users can read hidden forum posts through `/forum/get_quotes`
CVE-2026-41115
MEDIUM
Apache Kafka: Improper Authorization in CONSUMER_GROUP_DESCRIBE API
CVSS 4.3
CVE-2026-10294
MEDIUM
PackageKit <= 1.3.5 - Improper Authorization via Frontend-Socket Argument
CVSS 4.3
CVE-2026-10285
MEDIUM
DevaslanPHP project-management <= 2.0.0-beta1 - Improper Authorization in KanbanScrumHelper Ticket Handler
CVSS 5.4
CVE-2026-10284
MEDIUM
DevaslanPHP project-management <= 2.0.0-beta1 - Incorrect Privilege Assignment in Livewire Handler
CVSS 5.4
CVE-2026-45275
MEDIUM
Nextcloud Approval < 2.7.2 - Privilege Escalation via Forced File Sharing
CVSS 6.5
CVE-2026-10282
MEDIUM
Bottelet DaybydayCRM <= 2.2.1 - Incorrect Privilege Assignment in DocumentsController
CVSS 4.3
CVE-2026-0072
HIGH
Android XR 14 InputMethodManagerService - Missing Permission Check Privilege Escalation
CVSS 7.8
CVE-2026-10272
MEDIUM
a4m4 Student-Management-System deleteform.php improper authorization
CVSS 6.5
CVE-2026-10269
MEDIUM
decolua 9router HTTP Header dashboardGuard.js isAuthenticated improper authorization
CVSS 6.3
CVE-2026-46605
MEDIUM
Apache ActiveMQ Broker, Apache ActiveMQ All, Apache ActiveMQ: Incomplete authorization during destination removal
CVSS 4.3
CVE-2026-40963
LOW
Apache Airflow: DAG authorization bypass on /ui/structure/structure_data
CVSS 3.1
CVE-2026-10236
HIGH
SourceCodester Water Billing Management System User Management Endpoint Users.php save improper authorization
CVSS 7.3
CVE-2026-10218
MEDIUM
nextlevelbuilder GoClaw evolution_handlers.go auth improper authorization
CVSS 5.4
CVE-2026-10215
MEDIUM
Dolibarr ERP CRM Leave Request REST API api_holidays.class.php checkUserAccessToObject improper authorization
CVSS 4.3
CVE-2026-10212
MEDIUM
AstrBotDevs AstrBot astr_main_agent.py astr_main_agent authorization
CVSS 6.3
CVE-2026-10211
MEDIUM
AstrBotDevs AstrBot fs.py _normalize_rw_path authorization
CVSS 6.3
Details
Vulnerabilities: 1,318
Exploit Likelihood: High