CWE-285 · Improper Authorization
1350 CVEs classified under CWE-285 (Improper Authorization).

| CVE | Severity | Score | Published | Summary |
|---|---|---|---|---|
| CVE-2026-33105 | Critical | 10.0 | 2026-04-03 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-32213 | Critical | 10.0 | 2026-04-03 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-65041 | Critical | 10.0 | 2025-12-18 | Improper authorization in Microsoft Partner Center allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2023-33189 | Critical | 10.0 | 2023-05-30 | Pomerium is an identity and context-aware access proxy. With specially crafted requests, incorrect authorization decisions may be made by Pomerium. This issue… |
| CVE-2022-2595 | Critical | 10.0 | 2022-08-01 | Improper Authorization in GitHub repository kromitgmbh/titra prior to 0.79.1. |
| CVE-2022-21196 | Critical | 10.0 | 2022-02-18 | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perfo… |
| CVE-2021-37705 | Critical | 10.0 | 2021-08-13 | OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authe… |
| CVE-2021-28799 | Critical | 10.0 | 2021-05-13 | An improper authorization vulnerability has been reported to affect QNAP NAS running HBS 3 (Hybrid Backup Sync). If exploited, the vulnerability allows remote… |
| CVE-2016-5788 | Critical | 10.0 | 2016-11-25 | General Electric (GE) Bently Nevada 3500/22M USB with firmware before 5.0 and Bently Nevada 3500/22M Serial have open ports, which makes it easier for remote a… |
| CVE-2026-47744 | Critical | 9.9 | 2026-05-29 | Shopper is a Headless e-commerce Admin Panel. Prior to 2.8.0, two distinct authorization defects in the team settings allowed any authenticated panel user to t… |
| CVE-2026-5412 | Critical | 9.9 | 2026-04-10 | In Juju versions prior to 2.9.57 and 3.6.21, an authorization issue exists in the Controller facade. An authenticated user can call the CloudSpec API method to… |
| CVE-2026-30956 | Critical | 9.9 | 2026-03-10 | OneUptime is a solution for monitoring and managing online services. Prior to 10.0.21, a low‑privileged user can bypass authorization and tenant isolation in O… |
| CVE-2025-49746 | Critical | 9.9 | 2025-07-18 | Improper authorization in Azure Machine Learning allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-29827 | Critical | 9.9 | 2025-05-08 | Improper authorization in Azure Automation allows an authorized attacker to elevate privileges over a network. |
| CVE-2025-30390 | Critical | 9.9 | 2025-04-30 | Improper authorization in Azure allows an authorized attacker to elevate privileges over a network. |
| CVE-2024-45387 | Critical | 9.9 | 2024-12-23 | An SQL injection vulnerability in Traffic Ops in Apache Traffic Control <= 8.0.1, >= 8.0.0 allows a privileged user with role "admin", "federation", "operation… |
| CVE-2024-43602 | Critical | 9.9 | 2024-11-12 | Azure CycleCloud Remote Code Execution Vulnerability |
| CVE-2024-25108 | Critical | 9.9 | 2024-02-12 | Pixelfed is an open source photo sharing platform. When processing requests authorization was improperly and insufficiently checked, allowing attackers to acce… |
| CVE-2024-24830 | Critical | 9.9 | 2024-02-08 | OpenObserve is an observability platform built specifically for logs, metrics, traces, analytics, designed to work at petabyte scale. A vulnerability has been i… |
| CVE-2022-2661 | Critical | 9.9 | 2022-08-16 | Sequi PortBloque S has an improper authorization vulnerability, which may allow a low-privileged user to perform administrative functions using specifically cr… |