VYPR

CWE-863

Incorrect Authorization

Class | Incomplete | Likelihood: High

Description

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

CVEs mapped to this weakness (1,530)

page 13 of 77
  • CVE-2026-21031 | High | Jun 5, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    Improper authorization in AppBlock prior to SMR Jun-2026 Release 1 allows local attacker to launch arbitrary activity. User interaction is required for triggering this vulnerability.

  • CVE-2025-32348 | High | Jun 1, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    In multiple locations, there is a possible background activity launch due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation.

  • CVE-2026-28951 | High | May 11, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, iOS 26.5 and iPadOS 26.5, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to gain root privileges.

  • CVE-2026-39454 | High | Apr 20, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    SKYSEA Client View and SKYMEC IT Manager provided by Sky Co.,LTD. configure the installation folder with improper file access permission settings. A non-administrative user may manipulate and/or place arbitrary files within the installation folder of the product. As a result,…

  • CVE-2026-34040 | High | Mar 31, 2026
    risk 0.51 | cvss 8.8 | epss 0.08

    Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows attackers to bypass authorization plugins (AuthZ). This issue has been patched in version 29.3.1.

  • CVE-2025-4960 | High | Feb 19, 2026
    risk 0.51 | cvss 7.8 | epss 0.00

    The com.epson.InstallNavi.helper tool, deployed with the EPSON printer driver installer, contains a local privilege escalation vulnerability due to multiple flaws in its implementation. It fails to properly authenticate clients over the XPC protocol and does not correctly…

  • CVE-2025-14305 | High | Dec 17, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    ListCheck.exe developed by Acer has a Local Privilege Escalation vulnerability. Authenticated local attackers can replace ListCheck.exe with a malicious executable of the same name, which will be executed by the system and result in privilege escalation.

  • CVE-2024-7457 | High | Jun 11, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    The ws.stash.app.mac.daemon.helper tool contains a vulnerability caused by an incorrect use of macOS’s authorization model. Instead of validating the client's authorization reference, the helper invokes AuthorizationCopyRights() using its own privileged context (root),…

  • CVE-2025-23244 | High | May 1, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    NVIDIA GPU Display Driver for Linux contains a vulnerability which could allow an unprivileged attacker to escalate permissions. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data…

  • CVE-2025-30074 | High | Mar 16, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    Alludo Parallels Desktop before 19.4.2 and 20.x before 20.2.2 for macOS on Intel platforms allows privilege escalation to root via the VM creation routine.

  • CVE-2024-40771 | High | Jan 15, 2025
    risk 0.51 | cvss 7.8 | epss 0.00

    The issue was addressed with improved memory handling. This issue is fixed in iOS 16.7.8 and iPadOS 16.7.8, iOS 17.5 and iPadOS 17.5, macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7, tvOS 17.5, visionOS 1.2, watchOS 10.5. An app may be able to execute arbitrary…

  • CVE-2024-7915 | High | Nov 25, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    The application Sensei Mac Cleaner contains a local privilege escalation vulnerability, allowing an attacker to perform multiple operations as the root user. These operations include arbitrary file deletion and writing, loading and unloading daemons, manipulating file…

  • CVE-2024-47560 | High | Oct 1, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    RevoWorks Cloud Client 3.0.91 and earlier contains an incorrect authorization vulnerability. If this vulnerability is exploited, unintended processes may be executed in the sandbox environment. Even if malware is executed in the sandbox environment, it does not compromise the…

  • CVE-2024-27848 | High | Jun 10, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    This issue was addressed with improved permissions checking. This issue is fixed in iOS 17.5 and iPadOS 17.5, macOS Sonoma 14.5. A malicious app may be able to gain root privileges.

  • CVE-2024-3745 | High | May 18, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    MSI Afterburner v4.6.6.16381 Beta 3 is vulnerable to an ACL Bypass vulnerability in the RTCore64.sys driver, which leads to triggering vulnerabilities like CVE-2024-1443 and CVE-2024-1460 from a low privileged user.

  • CVE-2024-27798 | High | May 14, 2024
    risk 0.51 | cvss 7.8 | epss 0.00

    An authorization issue was addressed with improved state management. This issue is fixed in macOS Monterey 12.7.5, macOS Sonoma 14.5, macOS Ventura 13.6.7. An attacker may be able to elevate privileges.

  • CVE-2023-26246 | High | Apr 27, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check. This…

  • CVE-2023-26245 | High | Apr 27, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppUpgrade binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the version check in order to install any…

  • CVE-2023-26244 | High | Apr 27, 2023
    risk 0.51 | cvss 7.8 | epss 0.00

    An issue was discovered in the Hyundai Gen5W_L in-vehicle infotainment system AE_E_PE_EUR.S5W_L001.001.211214. The AppDMClient binary file, which is used during the firmware installation process, can be modified by an attacker to bypass the digital signature check of AppUpgrade…

  • CVE-2020-9492 | High | Jan 26, 2021
    risk 0.51 | cvss 8.8 | epss 0.04

    In Apache Hadoop 3.2.0 to 3.2.1, 3.0.0-alpha1 to 3.1.3, and 2.0.0-alpha to 2.10.0, WebHDFS client might send SPNEGO authorization header to remote URL without proper verification.