Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,047 vulnerabilities with CWE-863

CVE-2026-23964 MEDIUM

Mastodon <4.5.5-4.3.18 - Info Disclosure

CVE-2026-23961 MEDIUM

Mastodon < 4.3.18 - Incorrect Authorization Bypass via Suspended User Post Processing

CVE-2026-22822 HIGH

External Secrets Operator 0.20.2-1.1.0 - Incorrect Authorization via getSecretKey Template Function

CVE-2026-23837 CRITICAL

MyTube < 1.7.66 - Unauthenticated Incorrect Authorization via Missing Authentication Cookie

CVE-2026-1007 HIGH

Devolutions Server 2025.3.1-2025.3.12 - Incorrect Authorization in Virtual Gateway Component

CVE-2026-20960 HIGH

Microsoft Power Apps - Code Injection

CVE-2026-23496 MEDIUM

Pimcore Web2Print Tools Bundle <6.1.1 - Privilege Escalation

CVE-2026-22909 HIGH

SICK TDC-X401GL Firmware - Unauthenticated Improper Access Control

CVE-2026-21274 HIGH

Adobe Dreamweaver < 21.7 - Incorrect Authorization leading to Arbitrary Code Execution

CVE-2026-0684 MEDIUM

WordPress CP Image Store <1.1.9 - Auth Bypass

CVE-2026-22784 MEDIUM

Lychee < 7.1.0 - Incorrect Authorization via Album Password Unlock

CVE-2026-0831 MEDIUM

Templately <3.4.8 - Arbitrary File Write

CVE-2026-22595 HIGH

Ghost 5.121.0-5.130.5 and 6.0.0-6.10.3 - Incorrect Authorization via Staff Token Authentication

CVE-2026-22253 MEDIUM

Soft Serve < 0.11.2 - Authenticated Authorization Bypass via LFS Lock Deletion Force Flag

CVE-2026-22230 HIGH

OPEXUS eCASE Audit < 11.14.1.0 - Authenticated Incorrect Authorization via Client-Side JavaScript Manipulation

CVE-2026-21896 MEDIUM

Kirby 5.0.0-5.2.1 - Incorrect Authorization in Content Changes API

CVE-2026-22042 HIGH

RustFS < 1.0.0-alpha.79 - Unauthorized IAM Import via Incorrect Action Validation

CVE-2025-14774 HIGH

Communication analysis between the Card Reader and TP2CardReaderService daemon

CVE-2025-32348 HIGH

Android 14-16 - Background Activity Launch Privilege Escalation

CVE-2025-15023 HIGH

Improper Access Control in Yordam Informatics' Library Automation System

CVE-2025-9973 MEDIUM

Authorization Bypass via Adaptive Authentication in WSO2 Identity Server Allows Cross-Organization Account Takeover

CVE-2025-10908 HIGH

Account Lock Bypass via Magic Link or Pass Key Authentication in WSO2 Identity Server Allows Unauthorized Access

CVE-2025-15633 MEDIUM

HCL BigFix WebUI is affected by an improper authorization vulnerability

CVE-2025-66170 MEDIUM

Apache CloudStack: Any user can list backups that they should not have access to

CVE-2025-9957 LOW

Incorrect Authorization in GitLab

Previous Page 23 of 122 Next

Details

Vulnerabilities 3,047

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy