VYPR

CWE-285

Improper Authorization

Abstraction: Class · Status: Draft · Likelihood: High

Description

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-104 · CAPEC-127 · CAPEC-13 · CAPEC-17 · CAPEC-39 · CAPEC-402 · CAPEC-45 · CAPEC-5 · CAPEC-51 · CAPEC-59 · CAPEC-60 · CAPEC-647 · CAPEC-668 · CAPEC-76 · CAPEC-77 · CAPEC-87

CVEs mapped to this weakness (812)

page 29 of 41
  • CVE-2022-32532 · Jun 28, 2022
    risk 0.07 · cvss · epss 0.25

    Apache Shiro before 1.9.1: a RegexRequestMatcher can be misconfigured to be bypassed on some servlet containers. Applications using RegExPatternMatcher with `.` in the regular expression are possibly vulnerable to an authorization bypass.

  • CVE-2022-22978 · May 19, 2022
    risk 0.07 · cvss · epss 0.10

    In Spring Security versions prior to 5.4.11+, 5.5.7+, 5.6.4+ and older unsupported versions, RegexRequestMatcher can easily be misconfigured to be bypassed on some servlet containers. Applications using RegexRequestMatcher with `.` in the regular expression are possibly…

  • CVE-2026-47713 · Low · May 28, 2026
    risk 0.06 · cvss 2.0 · epss 0.00

    AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. Prior to 1.13.0, an approved mobile device token created in single-user mode can survive single-user -> multi-user migration even when the device record…

  • CVE-2024-8181 · Aug 27, 2024
    risk 0.05 · cvss · epss 0.46

    An Authentication Bypass vulnerability exists in Flowise version 1.8.2. This could allow a remote, unauthenticated attacker to access API endpoints as an administrator and allow them to access restricted functionality.

  • CVE-2025-29927 · Mar 21, 2025
    risk 0.04 · cvss · epss 1.00

    Next.js is a React framework for building full-stack web applications. Starting in version 1.11.4 and prior to versions 12.3.5, 13.5.9, 14.2.25, and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in…

  • CVE-2026-24421 · Jan 24, 2026
    risk 0.03 · cvss · epss 0.02

    phpMyFAQ is an open source FAQ web application. Versions 4.0.16 and below have flawed authorization logic which exposes the /api/setup/backup endpoint to any authenticated user despite their permissions. SetupController.php uses userIsAuthenticated() but does not verify that the…

  • CVE-2014-9357 · Dec 16, 2014
    risk 0.01 · cvss · epss 0.06

    Docker 1.3.2 allows remote attackers to execute arbitrary code with root privileges via a crafted (1) image or (2) build in a Dockerfile in an LZMA (.xz) archive, related to the chroot for archive extraction.

  • CVE-2014-0107 · Apr 15, 2014
    risk 0.01 · cvss · epss 0.14

    The TransformerFactory in Apache Xalan-Java before 2.7.2 does not properly restrict access to certain properties when FEATURE_SECURE_PROCESSING is enabled, which allows remote attackers to bypass expected restrictions and load arbitrary classes or access external resources via a…

  • CVE-2026-55519 · Low · Jun 23, 2026
    risk 0.00 · cvss · epss

    Impact: A vulnerability was identified in Snipe-IT v8.4.0 (build 21280-g91a95dbc6) that allows any authenticated user with generic asset edit permissions to delete files attached to any asset in the system, regardless of ownership or company assignment. This constitutes an…

  • CVE-2026-55775 · Low · Jun 19, 2026
    risk 0.00 · cvss · epss

    Summary: A user that is granted namespace management (`/sys/namespaces`) capabilities within a non-root namespace ("the victim namespace") can abuse special handling of the literal path `"root"` in namespace path canonicalization to manage the victim namespace itself. …

  • CVE-2026-54683 · Jun 18, 2026
    risk 0.00 · cvss · epss

    Summary: A previous advisory (CVE-2026-49463 / GHSA-qpm9-h556-mwxm) reported that any logged-in user could download any document by its identifier, and stated this was fixed in 3.0.1. For the document-content part that fix was incomplete: documents remained downloadable…

  • CVE-2026-46552 · May 21, 2026
    risk 0.00 · cvss · epss 0.00

    Summary: Shared-base sessions were granted the same base-member capabilities as authenticated viewers. Using only the shared-base UUID (`xc-shared-base-id`), an attacker could enumerate base members and invite an arbitrary email into the base as a real member. The invited…

  • CVE-2026-33222 · Mar 25, 2026
    risk 0.00 · cvss · epss 0.00

    NATS-Server is a High-Performance server for NATS.io, a cloud and edge native messaging system. Prior to versions 2.11.15 and 2.12.6, users with JetStream admin API access to restore one stream could restore to other stream names, impacting data which should have been protected…

  • CVE-2026-33162 · Mar 24, 2026
    risk 0.00 · cvss · epss 0.00

    Craft CMS is a content management system (CMS). From version 5.3.0 to before version 5.9.14, an authenticated control panel user with only accessCp can move entries across sections via POST /actions/entries/move-to-section, even when they do not have saveEntries:{sectionUid}…

  • CVE-2026-33680 · Mar 24, 2026
    risk 0.00 · cvss · epss 0.00

    Vikunja is an open-source self-hosted task management platform. Prior to version 2.2.2, the `LinkSharing.ReadAll()` method allows link share authenticated users to list all link shares for a project, including their secret hashes. While `LinkSharing.CanRead()` correctly blocks…

  • CVE-2026-33668 · Mar 24, 2026
    risk 0.00 · cvss · epss 0.00

    Vikunja is an open-source self-hosted task management platform. Starting in version 0.18.0 and prior to version 2.2.1, when a user account is disabled or locked, the status check is only enforced on the local login and JWT token refresh paths. Three other authentication paths…

  • CVE-2026-32300 · Mar 23, 2026
    risk 0.00 · cvss · epss 0.00

    Connect-CMS is a content management system. In versions on the 1.x series up to and including 1.41.0 and versions on the 2.x series up to and including 2.41.0, an improper authorization issue in the My Page profile update feature may allow modification of arbitrary user…

  • CVE-2026-33125 · Mar 20, 2026
    risk 0.00 · cvss · epss 0.00

    Frigate is a network video recorder (NVR) with realtime local object detection for IP cameras. In versions 0.16.2 and below, users with the viewer role can delete admin and low-privileged user accounts. Exploitation can lead to DoS and affect data integrity. This issue has been…

  • CVE-2026-32034 · Mar 19, 2026
    risk 0.00 · cvss · epss 0.00

    OpenClaw versions prior to 2026.2.21 contain an authentication bypass vulnerability in the Control UI when allowInsecureAuth is explicitly enabled and the gateway is exposed over plaintext HTTP, allowing attackers to bypass device identity and pairing verification. An attacker…

  • CVE-2026-32027 · Mar 19, 2026
    risk 0.00 · cvss · epss 0.00

    OpenClaw versions prior to 2026.2.26 contain an authorization bypass vulnerability where DM pairing-store identities are incorrectly eligible for group allowlist authorization checks. Attackers can exploit this cross-context authorization flaw by using a sender approved via DM…