Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,047 vulnerabilities with CWE-863

CVE-2026-23982 MEDIUM

Apache Superset <6.0.0 - Auth Bypass

CVE-2026-27112 CRITICAL

Kargo 1.7.0-1.7.8/1.8.11/1.9.3 - Privilege Escalation

CVE-2026-2819 MEDIUM

Dromara RuoYi-Vue-Plus <5.5.3 - Auth Bypass

CVE-2026-26963 MEDIUM

Cilium 1.18.0-1.18.5 - Incorrect Authorization via Native Routing with WireGuard and Node Encryption

CVE-2026-26328 MEDIUM

OpenClaw <2026.2.14 - Privilege Escalation

CVE-2026-26316 HIGH

OpenClaw < 2026.2.13 - Incorrect Authorization via BlueBubbles Webhook Loopback Bypass

CVE-2026-26205 HIGH

opa-envoy-plugin <1.13.2-envoy-2 - Auth Bypass

CVE-2026-26336 HIGH

Hyland Alfresco Content Services < 25.3 - Unauthenticated Arbitrary File Read via Resource Endpoint

CVE-2026-25232 HIGH

Gogs <=0.13.4 - Privilege Escalation

CVE-2026-1999 MEDIUM

GitHub Enterprise Server - Auth Bypass

CVE-2026-2386 MEDIUM

The Plus Addons for Elementor <6.4.7 - Privilege Escalation

CVE-2026-2126 MEDIUM

User Submitted Posts Plugin - Privilege Escalation

CVE-2026-0997 MEDIUM

Mattermost 11.1.x-11.1.2 - Privilege Escalation

CVE-2026-22892 MEDIUM

Mattermost 10.11.0-10.11.9 11.1.0-11.1.2 11.2.0-11.2.1 - Incorrect Authorization via Jira Plugin

CVE-2026-25767 HIGH

LavinMQ <2.6.8 - Privilege Escalation

CVE-2026-21722 MEDIUM

Grafana 9.3.0-12.3.1 - Unauthenticated Authorization Bypass via Public Dashboard

CVE-2026-20624 MEDIUM

macOS < 14.8.4, < 15.7.4, < 26.3 - Unprotected User Data Exposure via Injection Issue

CVE-2026-26031 MEDIUM

Frappe Learning 2.0.0-2.43.9 - Unauthenticated Enrolled Student Email Disclosure

CVE-2026-26012 MEDIUM

vaultwarden < 1.35.3 - Incorrect Authorization via Organization Ciphers Endpoint

CVE-2026-25924 HIGH

kanboard < 1.2.50 - Authenticated Remote Code Execution via Plugin Installer Bypass

CVE-2026-25890 HIGH

filebrowser < 2.57.1 - Authenticated Authorization Bypass via Multiple Slash Path Manipulation

CVE-2026-25875 CRITICAL

PlaciPy 1.0.0 - Incorrect Authorization via JWT Claim Manipulation

CVE-2026-25811 CRITICAL

PlaciPy 1.0.0 - Incorrect Authorization via Email Domain Tenant Identifier

CVE-2026-2141 MEDIUM

WuKongOpenSource WukongCRM <11.3.3 - Auth Bypass

CVE-2026-2208 MEDIUM

Wekan < 8.21 - Missing Authorization in Rules Handler

Previous Page 21 of 122 Next

Details

Vulnerabilities 3,047

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy