CWE-285— Improper Authorization
The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.— MITRE CWE catalog
1,351 active CVEs classified under this weakness category. Sourced from NVD, GHSA, and vendor advisories. Full definition on MITRE →
CVEs classified under CWE-285page 23 of 28
- CVE-2026-12770HIGHCVSS 8.8EG 5.42026-06-21
A vulnerability was determined in BerriAI litellm up to 1.63.1. The impacted element is an unknown function of the file litellm/proxy/management_endpoints/key_management_endpoints.py of the component Admin Key Handler. This manipulation ca…
- CVE-2026-12771HIGHCVSS 7.5EG 5.02026-06-21
A vulnerability was identified in BerriAI litellm up to 1.82.2. This affects an unknown function of the file litellm/proxy/auth/user_api_key_auth.py of the component M2M JWT Handler. Such manipulation leads to improper authorization. The a…
- CVE-2026-12797MEDIUMCVSS 6.3EG 6.32026-06-21
A security flaw has been discovered in BerriAI litellm up to 1.82.5. Affected is the function async_pre_call_hook of the file enterprise/enterprise_hooks/banned_keywords.py of the component Completions Interface. The manipulation of the ar…
- CVE-2026-12799MEDIUMCVSS 4.3EG 4.32026-06-21
A security vulnerability has been detected in BerriAI litellm up to 1.82.2. Affected by this issue is the function ui_view_users of the file litellm/proxy/management_endpoints/internal_user_endpoints.py of the component Incomplete Fix CVE-…
- CVE-2026-13490LOWCVSS 3.7EG 3.72026-06-28
A security vulnerability has been detected in glpi-project glpi 11.0.5/11.0.6/11.0.7. This affects the function Document::canViewFile of the file front/document.send.php of the component Document Handler. Such manipulation of the argument …
- CVE-2026-13508MEDIUMCVSS 5.5EG 5.52026-06-28
A flaw has been found in khoj-ai khoj up to 2.0.0-beta.28. This impacts an unknown function of the file src/khoj/routers/api_chat.py of the component Conversation Sharing Handler. This manipulation of the argument conversation.agent causes…
- CVE-2026-13511LOWCVSS 3.1EG 3.12026-06-28
A vulnerability was determined in VoltAgent up to 2.1.17. Affected by this issue is the function handleGetMemoryConversation of the file packages/server-core/src/handlers/memory.handlers.ts of the component Memory REST API. Executing a man…
- CVE-2026-13512MEDIUMCVSS 6.3EG 6.32026-06-28
A vulnerability was identified in Databend up to 1.2.881 on HTTP. This affects the function ClientSessionManager::state_key of the file src/query/service/src/servers/http/v1/session/client_session_manager.rs of the component Tenant Handler…
- CVE-2026-13514LOWCVSS 2.4EG 2.42026-06-28
A weakness has been identified in Chess Play and Learn App up to 4.9.42 on Android. This issue affects some unknown processing of the file AndroidManifest.xml of the component com.chess. This manipulation causes exposure of backup file to …
- CVE-2026-13524MEDIUMCVSS 5.6EG 5.62026-06-29
A security vulnerability has been detected in CherryHQ cherry-studio up to 1.9.6. This vulnerability affects unknown code of the file src/main/services/mcp/oauth/callback.ts of the component MCP OAuth Local Callback Server. The manipulatio…
- CVE-2026-13534MEDIUMCVSS 5.0EG 5.02026-06-29
A vulnerability was detected in CherryHQ cherry-studio up to 1.9.7. This affects the function sha256 of the file src/main/services/memory/MemoryService.ts of the component CherryIN Preload API. Performing a manipulation of the argument sta…
- CVE-2026-13549MEDIUMCVSS 5.4EG 5.42026-06-29
A security flaw has been discovered in CodeAstro Complaint Management System 1.0. The affected element is the function deletereport of the file application/controllers/Report.php of the component Report Endpoint. The manipulation results i…
- CVE-2026-13591MEDIUMCVSS 5.0EG 5.02026-06-29
A weakness has been identified in DeepMyst Mysti 0.4.0. Affected is the function _isTrackedConversation of the file src/managers/ChannelBridge.ts of the component Contact Tracking. This manipulation of the argument _channelType causes impr…
- CVE-2026-14608MEDIUMCVSS 4.3EG 4.32026-07-03
A security vulnerability has been detected in SourceCodester CET Automated Grading System with AI Predictive Analytics 1.0. This vulnerability affects unknown code of the file /index.php?action=view_student of the component POST Handler. T…
- CVE-2026-14690HIGHCVSS 7.3EG 7.32026-07-05
A weakness has been identified in SourceCodester Multi-Vendor Online Grocery Management System 1.0. This affects the function save_users of the file classes/Users.php. This manipulation causes improper authorization. Remote exploitation of…
- CVE-2026-14693MEDIUMCVSS 5.4EG 5.42026-07-05
A flaw has been found in SourceCodester Multi-Vendor Online Grocery Management System 1.0. Affected by this vulnerability is the function cancel_order of the file classes/Master.php. Executing a manipulation can lead to improper authorizat…
- CVE-2026-14716MEDIUMCVSS 6.3EG 6.32026-07-05
A security vulnerability has been detected in nextlevelbuilder GoClaw up to 3.13.0-beta.2. Impacted is the function MethodRouter.Handle of the file internal/gateway/router.go of the component WebSocket RPC Handler. Such manipulation leads …
- CVE-2026-14753HIGHCVSS 7.3EG 7.32026-07-05
A vulnerability was detected in mjperpinosa stumasy up to 327d1b0f2915ba79d7ef8ebb74553e987609d9be. This impacts an unknown function of the file /PHP/objects/notes of the component Note Handler/Assignment Handler. Performing a manipulation…
- CVE-2026-14778HIGHCVSS 7.3EG 7.32026-07-05
A security vulnerability has been detected in SourceCodester Onlne Examination & Learning Management System 1.0. This affects an unknown part of the file /ajax_enroll.php of the component Enrollment Management. The manipulation of the argu…
- CVE-2026-14793MEDIUMCVSS 4.3EG 4.32026-07-06
A vulnerability was detected in Craft CMS up to 4.18.0.1. Affected is the function actionReorderSets of the file src/controllers/GlobalsController.php of the component reorder-sets Endpoint. The manipulation results in authorization bypass…
- CVE-2026-14794MEDIUMCVSS 4.3EG 4.32026-07-06
A flaw has been found in Craft CMS up to 4.18.0.1. Affected by this vulnerability is the function actionGetNewUsersData of the file src/controllers/ChartsController.php of the component Charts Endpoint. This manipulation of the argument us…
- CVE-2026-15036MEDIUMCVSS 4.3EG 4.32026-07-08
A vulnerability was determined in Harness up to 2.28.2. This vulnerability affects the function getAuthorizedSpaces of the file app/api/controller/gitspace/list_all.go of the component gitspaces Endpoint. Executing a manipulation can lead …
- CVE-2026-15191MEDIUMCVSS 6.3EG 6.32026-07-09
A flaw has been found in mettle sendportal up to 3.0.1. This vulnerability affects unknown code of the file vendor/mettle/sendportal-core/src/Http/Requests/CampaignStoreRequest.php of the component Campaign Creation Endpoint. Executing a m…
- CVE-2026-15318MEDIUMCVSS 6.3EG 6.32026-07-10
A weakness has been identified in Sipeed PicoClaw up to 0.2.9. Affected by this issue is some unknown functionality of the file pkg/channels/mqtt/mqtt.go of the component MQTT Channel Handler. This manipulation of the argument client_id ca…
- CVE-2026-15373MEDIUMCVSS 6.3EG 6.32026-07-10
A vulnerability was detected in Eleveo Call Recording Software 9.7.0. The impacted element is an unknown function of the file /callrec/userAddAction.do. Performing a manipulation of the argument role results in improper authorization. It i…
- CVE-2026-15374MEDIUMCVSS 6.3EG 6.32026-07-10
A flaw has been found in Eleveo Call Recording Software 9.7.0. This affects an unknown function of the file /callrec/roleAddAction.do of the component Group Interface. Executing a manipulation can lead to improper authorization. It is poss…
- CVE-2026-15375MEDIUMCVSS 4.3EG 4.32026-07-10
A vulnerability has been found in Eleveo Call Recording Software 9.7.0. This impacts an unknown function of the file /callrec/users_ldap.jsp of the component LDAP User Interface. The manipulation leads to improper authorization. The attack…
- CVE-2026-15376MEDIUMCVSS 6.3EG 6.32026-07-10
A vulnerability was found in Eleveo Call Recording Software 9.7.0. Affected is an unknown function of the file /callrec/statisticReportAction.do. The manipulation results in improper authorization. The attack can be launched remotely. The …
- CVE-2026-15377MEDIUMCVSS 4.3EG 4.32026-07-10
A vulnerability was determined in Eleveo Call Recording Software 9.7.0. Affected by this vulnerability is an unknown functionality of the file /callrec/sendlogfile. This manipulation causes improper authorization. The attack may be initiat…
- CVE-2026-15470MEDIUMCVSS 4.3EG 4.32026-07-11
A vulnerability has been found in Eleveo Call Recording Software 9.7.0. Affected by this issue is some unknown functionality of the file /callrec/group.jsp. Such manipulation leads to improper authorization. The attack may be launched remo…
- CVE-2026-15471MEDIUMCVSS 4.3EG 4.32026-07-12
A vulnerability was found in Eleveo Call Recording Software 9.7.0. This affects an unknown part of the file /callrec/pci_dss_status.jsp. Performing a manipulation results in improper authorization. Remote exploitation of the attack is poss…
- CVE-2026-15472MEDIUMCVSS 4.3EG 4.32026-07-12
A vulnerability was determined in Eleveo Call Recording Software 9.7.0. This vulnerability affects unknown code of the file /callrec/composeEmailAction.do. Executing a manipulation can lead to improper authorization. The attack can be exec…
- CVE-2026-15473MEDIUMCVSS 6.3EG 6.32026-07-12
A vulnerability was identified in Eleveo Call Recording Software 9.7.0. This issue affects some unknown processing of the file /callrec/restoreCallAction.do of the component Recorded Calls Page. The manipulation leads to improper authoriza…
- CVE-2026-15474MEDIUMCVSS 4.3EG 4.32026-07-12
A security flaw has been discovered in Eleveo Call Recording Software 9.7.0. Impacted is an unknown function of the file /callrec/audio.jsp of the component Call Recording Handler. The manipulation of the argument callId results in imprope…
- CVE-2026-15499MEDIUMCVSS 6.3EG 6.32026-07-12
A security flaw has been discovered in AstrBotDevs AstrBot up to 4.25.2. Affected is the function FutureTaskTool.call of the file astrbot/core/tools/cron_tools.py of the component Scheduled Task Handler. Performing a manipulation of the ar…
- CVE-2026-1550MEDIUMCVSS 6.3EG 6.32026-01-28
A security flaw has been discovered in PHPGurukul Hospital Management System 1.0. Affected by this issue is some unknown functionality of the file /hms/hospital/docappsystem/adminviews.py of the component Admin Dashboard Page. Performing a…
- CVE-2026-1597MEDIUMCVSS 6.3EG 6.32026-01-29
A vulnerability has been found in Bdtask SalesERP up to 20260116. This issue affects some unknown processing of the component Administrative Endpoint. Such manipulation of the argument ci_session leads to improper authorization. The attack…
- CVE-2026-1702MEDIUMCVSS 6.3EG 6.32026-01-30
A vulnerability was detected in SourceCodester Pet Grooming Management Software 1.0. Impacted is an unknown function of the file /admin/operation/user.php of the component User Management. Performing a manipulation of the argument group_id…
- CVE-2026-1710MEDIUMCVSS 6.5EG 6.52026-03-31
The WooPayments: Integrated WooCommerce Payments plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'save_upe_appearance_ajax' function in all versions up to, and including, 10.…
- CVE-2026-1733MEDIUMCVSS 4.3EG 4.32026-02-01
A vulnerability was identified in Zhong Bang CRMEB up to 5.6.3. This affects the function detail/tidyOrder of the file /api/store_integral/order/detail/:uni. The manipulation of the argument order_id leads to improper authorization. The at…
- CVE-2026-1892MEDIUMCVSS 5.0EG 5.02026-02-04
A security vulnerability has been detected in WeKan up to 8.20. This affects the function setBoardOrgs of the file models/boards.js of the component REST API. Such manipulation of the argument item.cardId/item.checklistId/card.boardId lead…
- CVE-2026-1894MEDIUMCVSS 6.3EG 6.32026-02-04
A vulnerability was detected in WeKan up to 8.20. This impacts an unknown function of the file models/checklistItems.js of the component REST API. Performing a manipulation of the argument item.cardId/item.checklistId/card.boardId results …
- CVE-2026-2010MEDIUMCVSS 4.2EG 4.22026-02-06
A vulnerability has been found in Sanluan PublicCMS up to 4.0.202506.d/5.202506.d/6.202506.d. Impacted is the function Paid of the file publiccms-parent/publiccms-trade/src/main/java/com/publiccms/logic/service/trade/TradePaymentService.ja…
- CVE-2026-2015MEDIUMCVSS 6.3EG 6.32026-02-06
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file FinalStatusImportService.php of the component Final Status Import. Executing a manipulation of the argument school_id can lead to…
- CVE-2026-20190HIGHCVSS 7.5EG 7.52026-06-17
A vulnerability in Cisco ISE and ISE-PIC could allow an unauthenticated, remote attacker to view sensitive information on an affected device. This vulnerability is due to improper authorization checks when a resource is accessed. An att…
- CVE-2026-20656LOWCVSS 3.3EG 3.32026-02-11
A logic issue was addressed with improved validation. This issue is fixed in Safari 26.3, iOS 18.7.5 and iPadOS 18.7.5, macOS Tahoe 26.3. An app may be able to access a user's Safari history.
- CVE-2026-20661MEDIUMCVSS 4.6EG 4.62026-02-11
An authorization issue was addressed with improved state management. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.3 and iPadOS 26.3. An attacker with physical access to a locked device may be able to view sensitive user info…
- CVE-2026-20666MEDIUMCVSS 5.5EG 5.52026-02-11
An authorization issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.3. An app may be able to access sensitive user data.
- CVE-2026-2076MEDIUMCVSS 6.3EG 6.32026-02-07
A weakness has been identified in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this vulnerability is the function addUser/updateUser/deleteUser of the file dataset\repos\warehouse\src\main\java\com\yeqifu\sy…
- CVE-2026-2077MEDIUMCVSS 6.3EG 6.32026-02-07
A security vulnerability has been detected in yeqifu warehouse up to aaf29962ba407d22d991781de28796ee7b4670e4. Affected by this issue is the function addRole/updateRole/deleteRole of the file dataset\repos\warehouse\src\main\java\com\yeqif…
Map vulnerabilities like CWE-285 to your infrastructure
EchelonGraph correlates every CVE — across CWE-285 and 150+ other weakness categories — against the assets you actually run. See blast radius, fix versions, and remediation steps in one graph.
Start Free Scan →