Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

2,832 vulnerabilities with CWE-863

CVE-2026-41348 MEDIUM

OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands

CVE-2026-41344 MEDIUM

OpenClaw < 2026.3.28 - Privilege Escalation via chat.send /verbose Parameter

CVE-2026-41909 MEDIUM

OpenClaw < 2026.4.20 - Improper Authorization in Paired-Device Pairing Actions

CVE-2026-41908 MEDIUM

OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route

CVE-2026-41233 MEDIUM

Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add()

CVE-2026-41232 MEDIUM

Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing

CVE-2026-5377 MEDIUM

Incorrect Authorization in GitLab

CVE-2026-35370 MEDIUM

uutils coreutils id Incorrect Access-Control Decisions via Misrepresented Group Membership

CVE-2026-41131 MEDIUM

OpenFGA has Improper Policy Enforcement

CVE-2026-40599 HIGH

ClearanceKit: Ad-hoc signed binaries can spoof Apple process identities in the global allowlist

CVE-2026-41191 HIGH

FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes

CVE-2026-41190 HIGH

FreeScout has assigned-only visibility bypass via save_draft that allows hidden conversation draft injection

CVE-2026-41189 HIGH

FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads

CVE-2026-40574 MEDIUM

OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims

CVE-2026-29179 LOW

October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations

CVE-2026-26274 MEDIUM

October: Safe Mode Bypass via Twig Database Write Operations

CVE-2026-26067 MEDIUM

October: Safe Mode Bypass via CSS Preprocessor Compilers

CVE-2026-24176 MEDIUM

NVIDIA KAI Scheduler <0.13.0 - Auth Bypass

CVE-2026-41303 HIGH

OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands

CVE-2026-34082 MEDIUM

Dify has IDOR in deleting someone else's chat conversation

CVE-2026-33031 HIGH

Nginx-UI: Disabled users retain full API access through previously issued bearer tokens

CVE-2026-32228 HIGH

Apache Airflow: Users with asset materialization permisssions could trigger Dags they had no access to

CVE-2026-40350 HIGH

Movary User Management (/settings/users) has Authorization Bypass that Allows Low-Privileged Users to Enumerate All Users and Create Administrator Accounts

CVE-2026-40304 MEDIUM

zrok's broken ownership check in DELETE /api/v2/unaccess allows non-admin to delete global frontend records

CVE-2026-40155 MEDIUM

Auth0 Next.js SDK has Improper Proxy Cache Lookup

Previous Page 2 of 114 Next

Details

Vulnerabilities 2,832

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy