CWE-285

High likelihood

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,213 vulnerabilities with CWE-285
CVE-2026-6583 MEDIUM
TransformerOptimus SuperAGI API Key Management Endpoint api_key.py edit_api_key authorization
CVSS 5.4
CVE-2026-6572 MEDIUM
Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization
CVSS 5.6
CVE-2026-6571 MEDIUM
kodcloud KodExplorer systemRole.class.php roleGroupAction authorization
CVSS 6.3
CVE-2026-6570 LOW
kodcloud KodExplorer systemMember.class.php initInstall authorization
CVSS 2.7
CVE-2026-6564 MEDIUM
EMQ EMQX Enterprise Session Handling improper authorization
CVSS 4.3
CVE-2026-40305 MEDIUM
DNN has Force Friend Request Acceptance
CVSS 4.3
CVE-2026-40259 HIGH
SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API
CVSS 8.1
CVE-2026-40248 HIGH
free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions
CVSS 7.5
CVE-2026-40247 HIGH
free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions
CVSS 7.5
CVE-2026-40246 HIGH
free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions
CVSS 7.5
CVE-2026-34370 MEDIUM
Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes
CVSS 6.5
CVE-2026-33146 MEDIUM
Docmost's Public Share Search Exposes Metadata of Restricted Children
CVSS 4.3
CVE-2026-27912 HIGH
Windows Kerberos Elevation of Privilege Vulnerability
CVSS 8.0
CVE-2026-38533 MEDIUM
Snipe-IT 8.4.0 - Privilege Escalation
CVSS 6.5
CVE-2026-6105 HIGH
perfree go-fastdfs-web doInstall InstallController.java improper authorization
CVSS 7.3
CVE-2026-32252 HIGH
Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id`
CVSS 7.7
CVE-2026-5412 CRITICAL
Juju CloudSpec API could leak sensitive information
CVSS 9.9
CVE-2026-5999 MEDIUM
JeecgBoot SysAnnouncementController improper authorization
CVSS 6.3
CVE-2026-5842 HIGH
decolua 9router Administrative API Endpoint api authorization
CVSS 7.3
CVE-2026-39901 MEDIUM
monetr: Protected Transactions Deletable via PUT
CVSS 5.7
CVE-2026-35479 MEDIUM
InvenTree Plugin Installation - Insufficient Permissions
CVSS 6.6
CVE-2026-35476 HIGH
InvenTree Affected by Privilege Escalation via API
CVSS 7.2
CVE-2026-35407 MEDIUM
Saleor has Cross-Account Email Change via Unbound Confirmation Token
CVSS 6.5
CVE-2026-39389 MEDIUM
CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files
CVSS 6.7
CVE-2026-39347 LOW
OrangeHRM's Self‑Appraisal Submission of Admin Users Can Be Modified After Completion
CVSS 2.7
Details
Vulnerabilities 1,213
Exploit Likelihood High