VYPR

CWE-285

Improper Authorization

ClassDraftLikelihood: High

Description

The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.

Hierarchy (View 1000)

Related attack patterns (CAPEC)

CAPEC-1 · CAPEC-104 · CAPEC-127 · CAPEC-13 · CAPEC-17 · CAPEC-39 · CAPEC-402 · CAPEC-45 · CAPEC-5 · CAPEC-51 · CAPEC-59 · CAPEC-60 · CAPEC-647 · CAPEC-668 · CAPEC-76 · CAPEC-77 · CAPEC-87

CVEs mapped to this weakness (812)

page 5 of 41
  • CVE-2026-46656HigJun 8, 2026
    risk 0.50cvss 8.8epss 0.00

    Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain…

  • CVE-2026-43912HigMay 11, 2026
    risk 0.50cvss 8.7epss 0.00

    Vaultwarden is a Bitwarden-compatible server written in Rust. Prior to 1.35.5, Vaultwarden does not enforce that a groups_users.users_organizations_uuid entry belongs to the same organization as groups.groups_uuid, or a collections_groups.collections_uuid entry belongs to the…

  • CVE-2026-33735HigMar 27, 2026
    risk 0.50cvss 8.8epss 0.00

    MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.69, an authorization bypass in the `/api/settings/import-database` endpoint allows attackers with low-privilege credentials to upload and replace the application's SQLite database…

  • CVE-2026-28806HigMar 10, 2026
    risk 0.50cvss 8.8epss 0.00

    Improper Authorization vulnerability in nerves-hub nerves_hub_web allows cross-organization device control via device bulk actions and device update API. Missing authorization checks in the device bulk actions and device update API endpoints allow authenticated users to target…

  • CVE-2025-4521HigFeb 19, 2026
    risk 0.50cvss 8.8epss 0.00

    The IDonate – Blood Donation, Request And Donor Management System plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the idonate_donor_profile() function in versions 2.1.5 to 2.1.9. This makes it possible for authenticated…

  • CVE-2025-4474HigMay 13, 2025
    risk 0.50cvss 8.8epss 0.00

    The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the fed_admin_setting_form_function() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and…

  • CVE-2025-4473HigMay 13, 2025
    risk 0.50cvss 8.8epss 0.00

    The Frontend Dashboard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check on the ajax_request() function in versions 1.0 to 2.2.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to control…

  • CVE-2024-55954HigJan 16, 2025
    risk 0.50cvss 8.7epss 0.00

    OpenObserve is a cloud-native observability platform. A vulnerability in the user management endpoint `/api/{org_id}/users/{email_id}` allows an "Admin" role user to remove a "Root" user from the organization. This violates the intended privilege hierarchy, enabling a non-root…

  • CVE-2024-56802HigDec 31, 2024
    risk 0.50cvss epss 0.00

    Tapir is a private Terraform registry. Tapir versions 0.9.0 and 0.9.1 are facing a critical issue with scope-able Deploykeys where attackers can guess the key to get write access to the registry. User must upgrade to 0.9.2.

  • CVE-2024-45044HigSep 10, 2024
    risk 0.50cvss 8.8epss 0.01

    Bareos is open source software for backup, archiving, and recovery of data for operating systems. When a command ACL is in place and a user executes a command in bconsole using an abbreviation (i.e. "w" for "whoami") the ACL check did not apply to the full form (i.e. "whoami")…

  • CVE-2022-36110HigSep 9, 2022
    risk 0.50cvss 8.8epss 0.01

    Netmaker makes networks with WireGuard. Prior to version 0.15.1, Improper Authorization functions lead to non-privileged users running privileged API calls. If someone adds users to the Netmaker platform who do not have admin privileges, they can use their auth tokens to run…

  • CVE-2016-7035HigSep 10, 2018
    risk 0.50cvss 8.8epss 0.00

    An authorization flaw was found in Pacemaker before 1.1.16, where it did not properly guard its IPC interface. An attacker with an unprivileged account on a Pacemaker node could use this flaw to, for example, force the Local Resource Manager daemon to execute a script as root…

  • CVE-2016-5420HigAug 10, 2016
    risk 0.50cvss 7.5epss 0.15

    curl and libcurl before 7.50.1 do not check the client certificate when choosing the TLS connection to reuse, which might allow remote attackers to hijack the authentication of the connection by leveraging a previously created connection with a different client certificate.

  • CVE-2026-44504HigMay 14, 2026
    risk 0.49cvss epss 0.00

    Aegra is a drop-in replacement for LangSmith Deployments. Prior to 0.9.7, with multiple authenticated users on a shared instance are vulnerable to a cross-tenant IDOR. Any authenticated attacker, given another user's thread_id, can execute graph runs against the user's thread,…

  • CVE-2026-34320HigApr 21, 2026
    risk 0.49cvss 7.5epss 0.00

    Vulnerability in the Oracle Financial Services Customer Screening product of Oracle Financial Services Applications (component: User Interface). The supported version that is affected is 8.1.2.8.0. Easily exploitable vulnerability allows unauthenticated attacker with network…

  • CVE-2026-40246HigApr 16, 2026
    risk 0.49cvss 7.5epss 0.00

    free5GC is an open-source implementation of the 5G core network. In versions 1.4.2 and below of the UDR service, the handler for deleting Traffic Influence Subscriptions checks whether the influenceId path segment equals subs-to-notify, but does not return after sending the HTTP…

  • CVE-2024-8509HigSep 6, 2024
    risk 0.49cvss 7.5epss 0.01

    A vulnerability was found in Forklift Controller.  There is no verification against the authorization header except to ensure it uses bearer authentication. Without an Authorization header and some form of a Bearer token, a 401 error occurs. The presence of a token value…

  • CVE-2020-36696HigJun 7, 2023
    risk 0.49cvss 7.5epss 0.01

    The Product Input Fields for WooCommerce plugin for WordPress is vulnerable to authorization bypass due to a missing capability check on the handle_downloads() function in versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to download…

  • CVE-2019-25149HigJun 7, 2023
    risk 0.49cvss 7.6epss 0.01

    The Gallery Images Ape plugin for WordPress is vulnerable to Arbitrary Plugin Deactivation in versions up to, and including, 2.0.6. This allows authenticated attackers with any capability level to deactivate any plugin on the site, including plugins necessary to site…

  • CVE-2013-7245HigApr 24, 2018
    risk 0.49cvss 7.5epss 0.01

    The Backup Server component in SAP Sybase ASE 15.7 before SP51 allows remote attackers to bypass access restrictions and perform database dumps by leveraging failure to validate credentials, aka SAP Security Note 1927859.