Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,040 vulnerabilities with CWE-863

CVE-2026-47777 HIGH

Mastodon has a consent-check bypass in its remote Collections

CVE-2026-34023 HIGH

Wertheim SafeController 6.15.8328.28014 - WebSocket Authorization Bypass

CVE-2026-2470 MEDIUM

Pagelayer <= 2.0.9 - Incorrect Authorization to Authenticated (Contributor+) Mail Relay Configuration via 'contacts'

CVE-2026-54398 MEDIUM

MISP object edit authorization bypass allows unauthorized sharing group assignment

CVE-2026-53835 MEDIUM

OpenClaw < 2026.5.6 - Config-Write Enforcement Bypass in Feishu Dynamic-Agent Bindings

CVE-2026-53834 HIGH

OpenClaw < 2026.4.27 - Authorization Bypass in QQBot Pre-dispatch Slash Commands

CVE-2026-53828 HIGH

OpenClaw < 2026.5.6 - Native Command Authorization Bypass via Owner-Command Enforcement

CVE-2026-53521 MEDIUM

Nezha Monitoring: Stored future DDNS profile ID allows unauthorized use of another user's DDNS profile context

CVE-2026-49397 MEDIUM

Nezha Monitoring: Private services (`EnableShowInService: false`) are enumerable via per-server endpoints, leaking name and timing data

CVE-2026-47120 HIGH

Nezha Monitoring - AlertRule Cron Task Ownership Bypass

CVE-2026-46717 HIGH

Nezha Monitoring: RoleMember-reachable SSRF with full response-body reflection via POST /api/v1/notification

CVE-2026-54397 MEDIUM

MISP event editing allows unauthorized assignment to undisclosed sharing groups

CVE-2026-54362 MEDIUM

MISP template builder exposes non-visible custom galaxies across organisations

CVE-2026-54358 HIGH

MISP organization administrators can target site administrator accounts for password reset

CVE-2026-54357 MEDIUM

MISP improper authorization allows organization administrators to modify site administrator user settings

CVE-2026-42604 MEDIUM

Actual has an OpenID `client_secret` Disclosure via Broken Authorization Guard in `/openid/config`

CVE-2026-50008 MEDIUM

Parse Server: Server option routeAllowList is bypassable through batch sub-requests

CVE-2026-47236 MEDIUM

Solidtime team page exposes pending invitation and member emails to employees who lack invitations:view/members:view permission

CVE-2026-44173 MEDIUM

MariaDB: FILE privilege was not checked for subqueries in the FROM clause

CVE-2026-44169 MEDIUM

MariaDB: Authorization bypass in role-based routine-level privilege check exposes stored routine definitions

CVE-2026-7387 HIGH

Mattermost group syncable endpoints allow privilege escalation via scheme_admin

CVE-2026-6739 MEDIUM

Mattermost: Delegated admins could patch protected default system roles

CVE-2026-45831 HIGH

ChromaDB - Incorrect Authorization

CVE-2026-53721 HIGH

Nuxt: Route-rule middleware bypass via case-sensitivity mismatch between vue-router and the routeRules matcher

CVE-2026-47195 HIGH

Quest Bot: Per-channel permission overwrite bypass in purge and slowmode commands.

Page 1 of 122 Next

Details

Vulnerabilities 3,040

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy