Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,047 vulnerabilities with CWE-863

CVE-2026-25859 HIGH

Wekan < 8.20 - Incorrect Authorization in Migration Functionality

CVE-2026-25568 MEDIUM

WeKan < 8.19 - Incorrect Authorization via allowPrivateOnly Setting Bypass

CVE-2026-25566 MEDIUM

WeKan < 8.19 - Incorrect Authorization in Card Move Logic

CVE-2026-25565 MEDIUM

WeKan < 8.19 - Incorrect Authorization in Card Update API

CVE-2026-25561 HIGH

WeKan < 8.19 - Incorrect Authorization in Attachment Upload API

CVE-2026-25729 MEDIUM

DeepAudit < 3.0.4 - Authenticated Sensitive Information Disclosure via User Enumeration Endpoint

CVE-2026-23989 HIGH

OpenCloud Reva <2.42.3, <2.40.3 - Auth Bypass

CVE-2026-24851 HIGH

OpenFGA 1.8.5-1.11.2 - Incorrect Authorization via Check Call Policy Enforcement

CVE-2026-23632 MEDIUM

Gogs < 0.13.4 - Incorrect Authorization via PUT /repos/:owner/:repo/contents/* Endpoint

CVE-2026-23572 HIGH

TeamViewer <15.74.5 - Privilege Escalation

CVE-2026-1897 MEDIUM

WeKan < 8.21 - Missing Authorization in Position-History Tracking

CVE-2026-1553 MEDIUM

Drupal Canvas < 1.0.4 - Incorrect Authorization via Forceful Browsing

CVE-2026-1734 MEDIUM

crmeb < 5.6.3 - Unauthenticated Incorrect Authorization in Crontab Endpoint

CVE-2026-22624 MEDIUM

HIKSEMI HS-AFS-S1H1 >=V5.10.10_Build_251126 - Authenticated Incorrect Authorization

CVE-2026-25040 HIGH

Budibase <3.26.3 - Privilege Escalation

CVE-2026-22806 CRITICAL

vCluster Platform <4.6.0-4.3.10 - Privilege Escalation

CVE-2026-24780 HIGH

AutoGPT Platform < 0.6.44 - Authenticated Remote Code Execution via Disabled BlockInstallationBlock

CVE-2026-24742 MEDIUM

Discourse < 3.5.4, 2025.11.2, 2025.12.1, 2026.1.0 - Incorrect Authorization in Staff Action Logs

CVE-2026-1514 MEDIUM

Official Document Management System - Auth Bypass

CVE-2026-24748 HIGH

Kargo < 1.6.3 - Unauthenticated Incorrect Authorization via GetConfig and RefreshResource Endpoints

CVE-2026-24740 CRITICAL

Dozzle < 9.0.3 - Improper Access Control via Container ID Targeting

CVE-2026-21721 HIGH

Grafana Dashboard Permissions API - Privilege Escalation

CVE-2026-24480 HIGH

QGIS GitHub Actions pre-commit checks - Privileged Pull Request Code Execution

CVE-2026-24003 MEDIUM

EVerest <= 2025.12.1 - Incorrect Authorization via ISO 15118-2 MQTT Messages

CVE-2026-24428 HIGH

Shenzhen Tenda W30E V2 <16.01.0.19(5037) - Privilege Escalation

Previous Page 22 of 122 Next

Details

Vulnerabilities 3,047

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy