CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,326 vulnerabilities with CWE-285
CVE-2025-1226 (MEDIUM, CVSS 5.3): yimioa < 2024-07-04 - Improper Authorization in /oa/setup/setup.jsp
CVE-2025-24418 (HIGH, CVSS 8.1): Adobe Commerce < 2.4.8-beta1 - Improper Authorization
CVE-2025-21400 (HIGH, CVSS 8.0): Microsoft SharePoint Server - Remote Code Execution
CVE-2025-1078 (MEDIUM, CVSS 5.3): AppHouseKitchen AlDente Charge Limiter <1.29 - Privilege Escalation
CVE-2025-20125 (CRITICAL, CVSS 9.1): Cisco Identity Services Engine - Authenticated Information Disclosure and Configuration Modification via API
CVE-2025-24784 (MEDIUM, CVSS 4.3): kubewarden-controller 1.17.0-1.20.x - Improper Authorization via Policy Group Context-Aware Policy Deployment
CVE-2025-24376 (MEDIUM, CVSS 6.5): kubewarden-controller 1.7.0-1.21.0 - Unauthenticated Policy Bypass via AdmissionPolicy Rules
CVE-2025-0849 (MEDIUM, CVSS 6.3): CampCodes School Management Software 1.0 - Unauthenticated Privilege Escalation via Staff Handler
CVE-2025-0580 (MEDIUM, CVSS 5.6): Shiprocket Module 3 on OpenCart - Auth Bypass
CVE-2025-0484 (HIGH, CVSS 7.3): Fanli2012 native-php-cms 1.0 - Auth Bypass
CVE-2025-23042 (HIGH, CVSS 7.5): Gradio < 5.6.0 - Improper Authorization via Case Bypass in ACL File Path Validation
CVE-2025-21348 (HIGH, CVSS 7.2): Microsoft SharePoint Server - Remote Code Execution
CVE-2025-21275 (HIGH, CVSS 7.8): Windows 10/11, Server 2022/2025 - Elevation of Privilege via App Package Installer
CVE-2025-21611 (HIGH, CVSS 8.8): tgstation-server 6.11.0-6.12.2 - Improper Authorization via Role Logic Bypass
CVE-2024-50617 (HIGH, CVSS 7.5): CIPPlanner CIPAce < 9.17 - Authenticated Unauthorized File Download via File ID Parameter
CVE-2024-26291 (HIGH): Avid NEXIS <2025.5.1 - Info Disclosure
CVE-2024-43706 (HIGH, CVSS 7.6): Kibana < 8.12.0 - Improper Authorization via Synthetic Monitor Endpoint
CVE-2024-44314 (MEDIUM, CVSS 6.5): TastyIgniter < 4.0.0 - Unauthenticated Incorrect Access Control in Orders Management System
CVE-2024-13552 (MEDIUM, CVSS 4.3): SupportCandy - Helpdesk & Customer Support Ticket System <3.3.0 - P...
CVE-2024-13724 (MEDIUM, CVSS 4.3): Wallet System for WooCommerce < 2.6.3 - Unauthenticated Improper Authorization
CVE-2024-43051 (MEDIUM, CVSS 5.5): Qualcomm AQT1000 Firmware - Information Disclosure via Widevine Key Derivation
CVE-2024-47053 (HIGH, CVSS 7.7): Mautic 1.0.1-5.2.2 - Authenticated Improper Authorization via API
CVE-2024-13692 (MEDIUM, CVSS 5.4): Return Refund and Exchange For WooCommerce < 4.4.5 - Unauthenticated Insecure Direct Object Reference
CVE-2024-13821 (MEDIUM, CVSS 5.3): WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation
CVE-2024-57954 (MEDIUM, CVSS 6.2): HarmonyOS - Improper Authorization in Media Library Module