CWE-285

Exploit likelihood: High

Improper Authorization

Parent: CWE-284 - Improper Access Control

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

1,214 vulnerabilities with CWE-285
CVE-2025-15119 LOW
Jeecg Boot < 3.9.0 - Incorrect Authorization
CVSS 3.1
CVE-2025-15118 MEDIUM
Macrozheng Mall < 1.0.3 - Improper Authorization
CVSS 4.3
CVE-2025-15106 MEDIUM
Maxun < 0.0.28 - Improper Authorization
CVSS 6.3
CVE-2025-15087 MEDIUM
Youlai-mall - Improper Authorization
CVSS 4.3
CVE-2025-15085 MEDIUM
Youlai-mall - Incorrect Authorization
CVSS 4.3
CVE-2025-68481 MEDIUM
Pypi Fastapi-users < 15.0.2 - Improper Authorization
CVSS 5.9
CVE-2025-14546 MEDIUM
fastapi-sso <0.19.0 - CSRF
CVSS 6.3
CVE-2025-65041 CRITICAL
Microsoft Partner Center - Improper Authorization
CVSS 10.0
CVE-2025-14889 MEDIUM
Campcodes Advanced Voting Management System - Improper Authorization
CVSS 5.4
CVE-2025-46296 MEDIUM
FileMaker Server <22.0.4 - Auth Bypass
CVSS 5.4
CVE-2025-67715 MEDIUM
Weblate < 5.15 - Improper Access Control
CVSS 4.3
CVE-2025-65782 MEDIUM
Wekan <18.15 - Privilege Escalation
CVSS 6.5
CVE-2025-46289 MEDIUM
macOS <26.2-15.7.3-14.8.3 - Info Disclosure
CVSS 5.5
CVE-2025-40830 MEDIUM
Siemens Sinec Security Monitor < 4.10.0 - Improper Authorization
CVSS 6.7
CVE-2025-14206 MEDIUM
SourceCodester Online Student Clearance System 1.0 - Auth Bypass
CVSS 6.5
CVE-2025-12720 MEDIUM
g-FFL Cockpit plugin <1.7.1 - Info Disclosure
CVSS 5.3
CVE-2025-12505 MEDIUM
weDocs <2.1.14 - Auth Bypass
CVSS 5.4
CVE-2025-14089 MEDIUM
Himool ERP <2.2 - Privilege Escalation
CVSS 6.3
CVE-2025-14088 MEDIUM
ketr JEPaaS <7.2.8 - Auth Bypass
CVSS 6.3
CVE-2025-14016 MEDIUM
Macrozheng Mall-swarm < 1.0.3 - Incorrect Authorization
CVSS 5.4
CVE-2025-58386 CRITICAL
Terminalfour 8-8.4.1.1 - Privilege Escalation
CVSS 9.8
CVE-2025-66301 CRITICAL
Grav CMS Twig SSTI Authenticated Sandbox Bypass RCE
CVSS 9.6
CVE-2025-13808 HIGH
Orionsec Orion-ops < 2025-08-01 - Improper Authorization
CVSS 7.3
CVE-2025-13807 MEDIUM
Orionsec Orion-ops < 2025-08-01 - Improper Authorization
CVSS 4.3
CVE-2025-13806 HIGH
Nutzam Nutzboot < 2.6.0 - Incorrect Authorization
CVSS 7.3