CWE-285
Improper Authorization
Description
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Hierarchy (View 1000)
Related attack patterns (CAPEC)
CAPEC-1 · CAPEC-104 · CAPEC-127 · CAPEC-13 · CAPEC-17 · CAPEC-39 · CAPEC-402 · CAPEC-45 · CAPEC-5 · CAPEC-51 · CAPEC-59 · CAPEC-60 · CAPEC-647 · CAPEC-668 · CAPEC-76 · CAPEC-77 · CAPEC-87
CVEs mapped to this weakness (812)
page 13 of 41| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15106 | Med | 0.41 | 6.3 | 0.00 | Dec 27, 2025 | A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed… | ||
| CVE-2025-14089 | Med | 0.41 | 6.3 | 0.00 | Dec 5, 2025 | A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote.… | ||
| CVE-2025-14088 | Med | 0.41 | 6.3 | 0.00 | Dec 5, 2025 | A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The… | ||
| CVE-2025-13576 | Med | 0.41 | 6.3 | 0.00 | Nov 24, 2025 | A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used.… | ||
| CVE-2025-13118 | Med | 0.41 | 6.3 | 0.00 | Nov 13, 2025 | A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now… | ||
| CVE-2025-13114 | Med | 0.41 | 6.3 | 0.00 | Nov 13, 2025 | A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be… | ||
| CVE-2025-11050 | Med | 0.41 | 6.3 | 0.00 | Sep 27, 2025 | A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been published and may be used. | ||
| CVE-2025-11049 | Med | 0.41 | 6.3 | 0.00 | Sep 27, 2025 | A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit is now public… | ||
| CVE-2025-11048 | Med | 0.41 | 6.3 | 0.00 | Sep 26, 2025 | A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been… | ||
| CVE-2025-11047 | Med | 0.41 | 6.3 | 0.00 | Sep 26, 2025 | A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to… | ||
| CVE-2025-10989 | Med | 0.41 | 6.3 | 0.00 | Sep 26, 2025 | A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely.… | ||
| CVE-2025-10988 | Med | 0.41 | 6.3 | 0.00 | Sep 26, 2025 | A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be… | ||
| CVE-2025-10987 | Med | 0.41 | 6.3 | 0.00 | Sep 26, 2025 | A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is… | ||
| CVE-2025-10707 | Med | 0.41 | 6.3 | 0.00 | Sep 19, 2025 | A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the… | ||
| CVE-2025-10318 | Med | 0.41 | 6.3 | 0.00 | Sep 12, 2025 | A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The… | ||
| CVE-2025-10291 | Med | 0.41 | 6.3 | 0.00 | Sep 12, 2025 | A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed remotely. The exploit has… | ||
| CVE-2025-10278 | Med | 0.41 | 6.3 | 0.00 | Sep 12, 2025 | A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has… | ||
| CVE-2025-10277 | Med | 0.41 | 6.3 | 0.00 | Sep 12, 2025 | A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public… | ||
| CVE-2025-10276 | Med | 0.41 | 6.3 | 0.00 | Sep 12, 2025 | A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is… | ||
| CVE-2025-10275 | Med | 0.41 | 6.3 | 0.00 | Sep 12, 2025 | A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has… |
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed from remote.…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. This manipulation of the argument Authorization causes improper authorization. The attack is possible to be carried out remotely. The…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in code-projects Blog Site 1.0. The affected element is an unknown function of the file /admin.php. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The exploit is now public and may be used.…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in macrozheng mall-swarm up to 1.0.3. Affected by this issue is the function paySuccess of the file /order/paySuccess. The manipulation of the argument orderID results in improper authorization. The attack can be launched remotely. The exploit is now…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in macrozheng mall-swarm up to 1.0.3. This affects the function updateAttr of the file /cart/update/attr. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit is publicly available and might be…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been published and may be used.
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit is now public…
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. The attack may be initiated remotely. The exploit has been made available to…
- risk 0.41cvss 6.3epss 0.00
A security flaw has been discovered in yangzongzhuan RuoYi up to 4.8.1. This vulnerability affects unknown code of the file /system/role/authUser/selectAll. Performing manipulation of the argument userIds results in improper authorization. The attack can be initiated remotely.…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was identified in JeecgBoot up to 3.8.2. Affected by this vulnerability is an unknown functionality of the file /api/system/sendWebSocketMsg of the component WebSocket Message Handler. The manipulation of the argument userIds leads to improper authorization. The…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in linlinjava litemall up to 1.8.0. This affects the function WxAftersaleController of the file /wx/aftersale/cancel. Executing manipulation of the argument ID can lead to improper authorization. The attack can be executed remotely. The exploit has…
- risk 0.41cvss 6.3epss 0.00
A flaw has been found in YunaiV ruoyi-vue-pro up to 2025.09. Impacted is an unknown function of the file /crm/contact/transfer. This manipulation of the argument ids/newOwnerUserId causes improper authorization. The attack is possible to be carried out remotely. The exploit has…
- risk 0.41cvss 6.3epss 0.00
A vulnerability was detected in YunaiV yudao-cloud up to 2025.09. This issue affects some unknown processing of the file /crm/receivable/submit. The manipulation of the argument ID results in improper authorization. The attack can be executed remotely. The exploit is now public…
- risk 0.41cvss 6.3epss 0.00
A security vulnerability has been detected in YunaiV ruoyi-vue-pro up to 2025.09. This vulnerability affects unknown code of the file /crm/contract/transfer. The manipulation of the argument id/newOwnerUserId leads to improper authorization. Remote exploitation of the attack is…
- risk 0.41cvss 6.3epss 0.00
A weakness has been identified in YunaiV yudao-cloud up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Executing manipulation of the argument ids/newOwnerUserId can lead to improper authorization. The attack may be launched remotely. The exploit has…