Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,047 vulnerabilities with CWE-863

CVE-2025-14866 HIGH

Melapress Role Editor <1.1.1 - Privilege Escalation

CVE-2025-13928 HIGH

GitLab 17.7-18.6.3, 18.7-18.7.1, 18.8-18.8.1 - Unauthenticated Denial of Service via API Endpoint Authorization Bypass

CVE-2025-68140 MEDIUM

EVerest < 2025.9.0 - Unauthenticated Incorrect Authorization via Session ID 0

CVE-2025-43904 MEDIUM

SchedMD Slurm <24.11.5-23.11.11 - Privilege Escalation

CVE-2025-66005 HIGH

InputPlumber <0.63.0 - Privilege Escalation

CVE-2025-15513 MEDIUM

WordPress Float Payment Gateway <1.1.9 - Info Disclosure

CVE-2025-59020 MEDIUM

Typo3 < 10.4.55 - Incorrect Authorization

CVE-2025-41078 HIGH

Viafirma Documents < 3.7.139 - Authenticated Privilege Escalation and Data Access via Authorization Bypass

CVE-2025-14943 MEDIUM

Blog2Social <8.7.2 - Info Disclosure

CVE-2025-62487 LOW

Palantir Gotham Default Apps Bundle - Incorrect Authorization in Image Upload Security Level Handling

CVE-2025-13753 MEDIUM

WP Table Builder - Unauthorized Data Modification

CVE-2025-66315 MEDIUM

ZTE MF258K Pro - Privilege Escalation

CVE-2025-14352 MEDIUM

Awesome Hotel Booking <1.0 - Info Disclosure

CVE-2025-64421 HIGH

Coolify <= 4.0.0-beta.434 - Incorrect Authorization via Repeated Invite Request

CVE-2025-61781 HIGH

OpenCTI < 6.8.1 - Unauthenticated Authorization Bypass via WorkspacePopoverDeletionMutation

CVE-2025-69417 MEDIUM

Plex Media Server <2025-12-31 - Info Disclosure

CVE-2025-69416 MEDIUM

Plex Media Server <2025-12-31 - Info Disclosure

CVE-2025-69414 HIGH

Plex Media Server <1.42.2.10156 - Info Disclosure

CVE-2025-15406 MEDIUM

PHPGurukul Online Course Registration < 3.1 - Missing Authorization

CVE-2025-34467 MEDIUM

ZwiiCMS < 13.7.00 - Authenticated Denial of Service via Administrative Page Lock Persistence

CVE-2025-15390 MEDIUM

PHPGurukul Small CRM < 4.0 - Missing Authorization in /admin/edit-user.php

CVE-2025-14987 MEDIUM

Temporal < 1.29.1 - Incorrect Authorization via Cross-Namespace Workflow Task Commands

CVE-2025-14986 LOW

Temporal 1.24.0-1.29.1 - Incorrect Authorization via Namespace Validation Bypass

CVE-2025-15126 LOW

JeecgBoot < 3.9.0 - Improper Authorization via PositionId Argument in getPositionUserList

CVE-2025-15125 LOW

JeecgBoot < 3.9.0 - Improper Authorization via departId Parameter in queryDepartPermission

Previous Page 25 of 122 Next

Details

Vulnerabilities 3,047

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy