CWE-285
All CWE-285 CVEs (303)
This vulnerability in Evmos allows users to delegate tokens that haven't vested yet, specifically affecting employees and grantees with funds in Clawb...
Jun 6, 2024

This vulnerability in Grafana's datasource proxy API allows users with minimal permissions to bypass authorization checks by adding an extra slash cha...
Jun 2, 2025

This vulnerability in MySQL Server's InnoDB component allows high-privileged attackers with network access to cause a denial of service by crashing or...
Jul 16, 2024

This vulnerability in MySQL Server's InnoDB component allows high-privileged attackers with network access to cause a denial of service by crashing or...
Jul 16, 2024

CVE-2022-3686 is a denial-of-service vulnerability in Hitachi Energy SDM600 endpoints where an attacker can render the application unresponsive by sen...
Mar 28, 2023

An authorization vulnerability in iOS and iPadOS allows attackers with physical access to a locked device to view sensitive user information. This aff...
Feb 11, 2026

Bostr versions before 3.0.10 have an authentication bypass vulnerability when the noscraper setting is enabled. This allows unauthorized users to acce...
Aug 1, 2024

The UiPress Lite WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to modify ...
Nov 21, 2025

The SiteSEO WordPress plugin up to version 1.3.2 has an authorization flaw that allows authenticated users with siteseo_manage capability to read sens...
Nov 19, 2025

The Image Gallery plugin for WordPress has a vulnerability that allows authenticated attackers with author-level permissions or higher to delete arbit...
Nov 15, 2025

The SiteSEO WordPress plugin up to version 1.3.1 has a missing authorization vulnerability that allows authenticated attackers with Author-level acces...
Nov 1, 2025

This vulnerability allows attackers to bypass authorization controls in Bdtask Pharmacy Management System by manipulating the user profile handler. At...
Oct 27, 2025

CVE-2025-12283 is an authorization bypass vulnerability in code-projects Client Details System 1.0 that allows attackers to access restricted function...
Oct 27, 2025

This vulnerability allows authenticated WordPress users with contributor-level permissions or higher to modify sensitive plugin options without proper...
Oct 25, 2025

The Originality.ai AI Checker WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or high...
Oct 24, 2025

Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive information...
Oct 22, 2025

Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive information...
Oct 22, 2025

Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive information...
Oct 22, 2025

Jira Align has an authorization bypass vulnerability where low-privilege users can perform actions they shouldn't by including a state-related paramet...
Oct 22, 2025

Jira Align has an authorization vulnerability where low-privilege users can modify other users' private checklists. This allows unauthorized data mani...
Oct 22, 2025

Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially exposing sensitive informatio...
Oct 22, 2025

Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive sprint data...
Oct 22, 2025

Jira Align has an authorization vulnerability where low-privilege users can access endpoints they shouldn't, potentially viewing sensitive information...
Oct 22, 2025

An authenticated attacker can access static files from other VDOMs (Virtual Domains) in affected Fortinet products by sending specially crafted HTTP/H...
Oct 14, 2025

This vulnerability allows attackers to bypass authorization checks in the cancelOrder function of macrozheng mall. By manipulating the orderId paramet...
Sep 2, 2025

This vulnerability allows remote attackers to bypass authorization in the macrozheng mall e-commerce platform by manipulating the orderId parameter in...
Sep 2, 2025

This vulnerability allows authenticated WordPress users with GiveWP Worker-level access or higher to modify donation payment statuses without proper a...
Aug 21, 2025

This vulnerability allows attackers to bypass authorization mechanisms in Portabilis i-Educar's API endpoint at /module/Api/Diario. Attackers can remo...
Aug 10, 2025

The HT Mega plugin for WordPress has an information disclosure vulnerability that allows authenticated users with Author-level permissions or higher t...
Jul 31, 2025

This vulnerability allows attackers to bypass authorization controls in the Summer Pearl Group Vacation Rental Management Platform, potentially access...
May 26, 2025

An improper API access control vulnerability in Umbraco CMS allows authenticated users with low privileges to create and update data type information,...
Mar 11, 2025

The SupportCandy WordPress plugin has an insecure direct object reference vulnerability that allows authenticated users to download support ticket att...
Mar 7, 2025

This vulnerability allows unauthorized access to the salary slip functionality in SourceCodester Best Employee Management System 1.0. Attackers can by...
Feb 24, 2025

CVE-2025-24784 is a privilege escalation vulnerability in kubewarden-controller where non-admin users can create AdmissionPolicyGroup resources that d...
Jan 30, 2025

This CVE describes an improper authorization vulnerability in Moodle where users can edit or delete RSS feeds they shouldn't have permission to modify...
Nov 18, 2024

This CVE describes an improper authorization vulnerability in Moodle where users can access report schedules without proper edit permissions. This aff...
Nov 18, 2024

This CVE describes an improper authorization vulnerability in Dolibarr ERP/CRM software where users with restricted permissions in the Reception secti...
Nov 15, 2024

This vulnerability allows authenticated WordPress users with Subscriber-level access or higher to send unauthorized deactivation requests for arbitrar...
Oct 24, 2024

This CVE describes an access control vulnerability in Huawei's SystemUI module that could allow unauthorized access to system services. Successful exp...
Sep 4, 2024

CVE-2024-39419 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and modif...
Aug 14, 2024

CVE-2024-39415 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and acces...
Aug 14, 2024

CVE-2024-39417 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and acces...
Aug 14, 2024

CVE-2024-39411 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and acces...
Aug 14, 2024

Adobe Commerce has an improper authorization vulnerability that allows low-privileged attackers to bypass security features and access minor informati...
Aug 14, 2024

Adobe Commerce has an improper authorization vulnerability that allows low-privileged attackers to bypass security features and modify minor informati...
Aug 14, 2024

CVE-2024-39407 is an improper authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security measures and modif...
Aug 14, 2024

This vulnerability is an Insecure Direct Object Reference (IDOR) in Campcodes Online Laundry Management System 1.0 that allows unauthorized access to ...
May 14, 2024

This vulnerability in newbee-mall-plus allows attackers to bypass authorization by manipulating the userid parameter in the executeSeckill function. I...
Nov 7, 2025

A logic vulnerability in Apple's iOS, iPadOS, Safari, and macOS allows malicious applications to access a user's Safari browsing history without prope...
Feb 11, 2026

This CVE describes an authorization bypass vulnerability in the fushengqian fuint software's authentication token handler. Attackers can potentially b...
Nov 3, 2025

About CWE-285
Our database tracks 303 CVEs classified as CWE-285, with 45 rated critical and 148 rated high severity. The average CVSS score for CWE-285 vulnerabilities is 7.2.
External reference: View CWE-285 on MITRE CWE →