VYPR

CWE-285

Improper Authorization

Class · Draft · Likelihood: High

Description

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-104 · CAPEC-127 · CAPEC-13 · CAPEC-17 · CAPEC-39 · CAPEC-402 · CAPEC-45 · CAPEC-5 · CAPEC-51 · CAPEC-59 · CAPEC-60 · CAPEC-647 · CAPEC-668 · CAPEC-76 · CAPEC-77 · CAPEC-87

CVEs mapped to this weakness (812)

page 11 of 41
  • CVE-2026-9483 · Med · May 25, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was found in SourceCodester Student Grades Management System 1.0. Affected is an unknown function of the file grades.php. Performing a manipulation of the argument student_id results in improper authorization. The attack may be initiated remotely. The exploit has…

  • CVE-2026-9376 · Med · May 24, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was determined in JPress up to 1.0.3. The affected element is an unknown function of the file /ucenter/article/doWriteSave of the component UCenter Article Submission Endpoint. Executing a manipulation of the argument id/userId can lead to improper authorization.…

  • CVE-2026-8786 · Med · May 18, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been found in Tencent WeKnora up to 0.3.6. Affected by this issue is the function getKnowledgeBaseForInitialization of the file internal/handler/initialization.go of the component Config API Endpoint. The manipulation of the argument kbId leads to…

  • CVE-2026-8747 · Med · May 17, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A weakness has been identified in Z-BlogPHP 1.7.4.3430. This affects the function CheckComment of the file zb_system/function/c_system_event.php of the component Commend Approval Handler. This manipulation causes improper authorization. The attack may be initiated remotely. The…

  • CVE-2026-7782 · Med · May 4, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was detected in CodeCanyon Perfex CRM up to 3.4.1. This affects the function Clients::project of the file application/controllers/Clients.php of the component Tenant Handler. The manipulation of the argument ID results in authorization bypass. The attack may be…

  • CVE-2026-7709 · Med · May 3, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was identified in janeczku Calibre-Web up to 0.6.26. The impacted element is the function generate_auth_token of the file cps/kobo_auth.py of the component Endpoint. Such manipulation of the argument user_id leads to improper authorization. The attack may be…

  • CVE-2026-7093 · Med · Apr 27, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was found in code-projects Invoice System in Laravel 1.0. Affected by this vulnerability is an unknown functionality of the file /invoice/ of the component Invoice Endpoint. Performing a manipulation of the argument ID results in improper authorization. The…

  • CVE-2026-7092 · Med · Apr 27, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability has been found in code-projects Invoice System in Laravel 1.0. Affected is an unknown function of the file /profile/ of the component Profile Handler. Such manipulation of the argument ID leads to improper authorization. The attack can be executed remotely. The…

  • CVE-2026-7091 · Med · Apr 27, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A flaw has been found in code-projects Invoice System in Laravel 1.0. This impacts an unknown function of the file /user of the component User Management Handler. This manipulation causes improper authorization. Remote exploitation of the attack is possible. The exploit has been…

  • CVE-2026-6634 · Med · Apr 20, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A weakness has been identified in usememos memos up to 0.22.1. This affects the function memos_access_token of the file src/App.tsx of the component UpdateInstanceSetting. This manipulation of the argument additionalStyle/additionalScript causes improper authorization. The…

  • CVE-2026-6614 · Med · Apr 20, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A security flaw has been discovered in TransformerOptimus SuperAGI up to 0.0.14. Affected by this vulnerability is the function get_project/update_project/get_projects_organisation of the file superagi/controllers/project.py. The manipulation results in authorization bypass. The…

  • CVE-2026-6613 · Med · Apr 20, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Affected is the function delete_agent/stop_schedule/get_schedule_data of the file superagi/controllers/agent.py. The manipulation of the argument agent_id leads to authorization bypass. The attack is…

  • CVE-2026-6612 · Med · Apr 20, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was determined in TransformerOptimus SuperAGI up to 0.0.14. This impacts the function get_agent_execution/update_agent_execution of the file superagi/controllers/agent_execution.py of the component Agent Execution Endpoint. Executing a manipulation of the…

  • CVE-2026-6609 · Med · Apr 20, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A flaw has been found in liangliangyy DjangoBlog up to 2.1.0.0. The affected element is the function form_valid of the file oauth/views.py. This manipulation of the argument oauthid causes improper authorization. The attack may be initiated remotely. The exploit has been…

  • CVE-2026-6586 · Med · Apr 20, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was identified in TransformerOptimus SuperAGI up to 0.0.14. Impacted is the function get_budget/update_budget of the file superagi/controllers/budget.py of the component Budget Endpoint. Such manipulation leads to authorization bypass. It is possible to launch…

  • CVE-2026-6571 · Med · Apr 19, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A weakness has been identified in kodcloud KodExplorer up to 4.52. Affected by this vulnerability is the function roleGroupAction of the file /app/controller/systemRole.class.php. Executing a manipulation of the argument group_role can lead to authorization bypass. The attack…

  • CVE-2026-4548 · Med · Mar 22, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was detected in mickasmt next-saas-stripe-starter 1.0.0. Affected by this vulnerability is the function updateUserrole of the file actions/update-user-role.ts. The manipulation of the argument userId/role results in improper authorization. The attack may be…

  • CVE-2026-4171 · Med · Mar 16, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A security vulnerability has been detected in CodeGenieApp serverless-express up to 4.17.1. Affected by this issue is some unknown functionality of the file examples/lambda-function-url/packages/api/models/TodoList.ts of the component API Endpoint. The manipulation of the…

  • CVE-2026-4013 · Med · Mar 12, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was identified in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown function of the file add_admin.php. Such manipulation leads to improper authorization. The attack may be launched remotely.

  • CVE-2026-3738 · Med · Mar 8, 2026
    risk 0.41 · cvss 6.3 · epss 0.00

    A vulnerability was identified in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code of the component Financial Report Page. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit is…