The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.
3,063 vulnerabilities with CWE-863
| CVE | Severity | Affected product and issue | CVSS |
|---|---|---|---|
| CVE-2025-66378 | MEDIUM | Pexip Infinity <39.0 - Privilege Escalation | 5.9 |
| CVE-2025-59683 | HIGH | Pexip Infinity 15.0-38.0 - Incorrect Authorization in Secure Scheduler for Exchange | 8.2 |
| CVE-2025-2515 | HIGH | Eclipse Foundation BlueChi < 1.0.0 - Authenticated Privilege Escalation via Systemd Service Unit File Manipulation | 7.2 |
| CVE-2025-64641 | MEDIUM | Mattermost 10.11.0-10.11.7, 10.12.0-10.12.3, 11.0.0-11.0.5, 11.1.0 - Incorrect Authorization via Jira Plugin Post Action | 4.1 |
| CVE-2025-13767 | MEDIUM | Mattermost 10.11.0-10.11.7, 10.12.0-10.12.3, 11.0.0-11.0.5, 11.1.0 - Incorrect Authorization in Jira Plugin | 4.3 |
| CVE-2025-68476 | HIGH | KEDA 2.17.0-2.17.2 and 2.18.0-2.18.2 - Arbitrary File Read via TriggerAuthentication Service Account Token Path | |
| CVE-2025-58052 | HIGH | Galette < 1.2.0 - Authenticated Incorrect Authorization via Group Manager Role | 8.1 |
| CVE-2025-53922 | MEDIUM | Galette 1.1.4-1.1.9 - Authenticated Incorrect Authorization | 4.9 |
| CVE-2025-68422 | MEDIUM | Kibana 7.0.0-7.17.29 - Authenticated Privilege Escalation via Crafted HTTP Request | 4.3 |
| CVE-2025-68386 | MEDIUM | Kibana 7.0.0-7.17.28 - Authenticated Privilege Escalation via Document Sharing Type Manipulation | 4.3 |
| CVE-2025-14318 | MEDIUM | M-Files Server <25.12.15491.7 - Info Disclosure | 4.3 |
| CVE-2025-47382 | HIGH | Qualcomm FastConnect and Snapdragon Firmware - Memory Corruption in Boot Loader | 7.8 |
| CVE-2025-68129 | MEDIUM | Auth0-PHP 8.0.0-8.17.0 - Incorrect Authorization via Improper Audience Validation | 6.8 |
| CVE-2025-14081 | MEDIUM | Ultimate Member <2.11.0 - Auth Bypass | 4.3 |
| CVE-2025-13324 | LOW | Mattermost 10.11.0-10.11.5, 11.0.0-11.0.4, 10.12.0-10.12.2 - Incorrect Authorization via Legacy Cluster Invite Token | 3.7 |
| CVE-2025-14305 | HIGH | Acer ListCheck.exe - Privilege Escalation | 7.8 |
| CVE-2025-67740 | LOW | JetBrains TeamCity < 2025.11 - Unauthenticated GitHub App Token Metadata Exposure via Improper Access Control | 2.7 |
| CVE-2025-67490 | MEDIUM | nextjs-auth0 4.11.0-4.11.2 and 4.12.0 - Incorrect Authorization via TokenRequestCache Lookup | 5.4 |
| CVE-2025-13184 | CRITICAL | TOTOLINK X5000R Firmware V9.1.0u.6369_B20230113 - Unauthenticated Telnet Enablement via cstecgi.cgi | 9.8 |
| CVE-2025-9056 | MEDIUM | AudioLink - Local Privilege Escalation | 5.3 |
| CVE-2025-54838 | MEDIUM | FortiPortal 7.4.0-7.4.5 - Authenticated Incorrect Authorization via Crafted HTTP Requests | 6.8 |
| CVE-2025-40819 | MEDIUM | SINEMA Remote Connect Server < V3.2 SP4 - Incorrect Authorization via Database Table Modification | 4.3 |
| CVE-2025-8148 | MEDIUM | Fortra GoAnywhere MFT < 7.9.0 - Improper Access Control in SFTP Service | 4.2 |
| CVE-2025-66623 | HIGH | Strimzi 0.47.0-0.49.0 - Incorrect Authorization via Kubernetes Role | 7.4 |
| CVE-2025-66581 | MEDIUM | Frappe LMS <2.41.0 - Privilege Escalation | 6.5 |
Details
Vulnerabilities: 3,063
Exploit Likelihood: High