CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,318 vulnerabilities with CWE-285
CVE-2025-3550 MEDIUM
wowjoy Internet Doctor Workstation System 1.0 - Info Disclosure
CVSS 4.3
CVE-2025-3537 MEDIUM
Tutorials-Website Employee Management System 1.0 - Improper Authorization via ID Parameter in /admin/update-user.php
CVSS 5.3
CVE-2025-3536 MEDIUM
Tutorials-Website Employee Management System 1.0 - Improper Authorization in Delete User Function
CVSS 6.5
CVE-2025-29794 HIGH
Microsoft SharePoint Enterprise Server - Remote Code Execution via Improper Authorization
CVSS 8.8
CVE-2025-30373 MEDIUM
Graylog 6.1.0-6.1.8 - Improper Authorization in HTTP Input Header Validation
CVSS 6.5
CVE-2025-3202 HIGH
ageerle ruoyi-ai < 2.0.1 - Improper Authorization in SysNoticeController
CVSS 7.3
CVE-2025-3199 HIGH
ruoyi-ai < 2.0.2 - Unauthenticated Improper Authorization in SysModelController
CVSS 7.3
CVE-2025-28131 MEDIUM
Nagios Network Analyzer 2024R1.0.3 - Broken Access Control
CVSS 4.6
CVE-2025-26683 HIGH
Azure Playwright - Unauthenticated Privilege Escalation
CVSS 8.1
CVE-2025-3014 HIGH
NightWolf Penetration Platform 2.1.4 - Insecure Direct Object Reference via Request Parameter Manipulation
CVE-2025-3013 HIGH
Customer Portal <2.1.4 - Info Disclosure
CVE-2025-2600 MEDIUM
Devolutions Remote Desktop Manager <2024.3.31.0 & 2025.1.24-2025.1.25 - Authenticated Improper Authorization
CVSS 6.8
CVE-2025-2528 LOW
Devolutions Remote Desktop Manager <=2024.3.29 & 2025.1.24-2025.1.25 - Improper Authorization
CVSS 3.6
CVE-2025-29778 MEDIUM
Kyverno 1.13.0-1.13.5 - Improper Authorization via Keyless Signature Verification
CVSS 5.8
CVE-2025-2653 MEDIUM
FoxCMS 1.25 - Improper Authorization
CVSS 4.3
CVE-2025-2639 MEDIUM
jizhicms < 1.7 - Improper Authorization in Article Handler
CVSS 4.3
CVE-2025-2638 MEDIUM
jizhicms < 1.7 - Incorrect Privilege Assignment in Article Handler
CVSS 4.3
CVE-2025-2637 MEDIUM
jizhicms < 1.7 - Improper Authorization via Account Profile Page Jifen Parameter
CVSS 4.3
CVE-2025-29927 CRITICAL
Next.js Middleware Bypass
CVSS 9.1
CVE-2025-2589 MEDIUM
code-projects Human Resource Management System 1.0.1 - Incorrect Privilege Assignment via user_cookie Argument
CVSS 5.5
CVE-2025-29922 CRITICAL
kcp < 0.26.3 - Improper Authorization via APIExport VirtualWorkspace
CVSS 9.6
CVE-2025-29926 CRITICAL
XWiki Platform <15.10.15, <16.4.6, <16.10.0 - Info Disclosure
CVSS 9.8
CVE-2025-30117 HIGH
Forvia Hella HELLA Driving Recorder DR 820 - Info Disclosure
CVSS 7.3
CVE-2025-2397 LOW
China Mobile P22g-CIac, ZXWT-MIG-P4G4V, ZXWT-MIG-P8G8V, GT3200-4G4P...
CVSS 2.4
CVE-2025-2360 HIGH
D-Link DIR-823G 1.0.2B05_20181207 - Incorrect Privilege Assignment via SetUpnpSettings SOAPAction
CVSS 7.3