Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,063 vulnerabilities with CWE-863

CVE-2025-12149 MEDIUM

Search Guard FLX <3.1.2 - Info Disclosure

CVE-2025-41436 LOW

Mattermost < 11.0 - Unauthenticated Archived Channel Access via Open in Channel Functionality

CVE-2025-11776 MEDIUM

Mattermost < 11.0.0 - Unauthenticated Archived Channel Discovery via Search API

CVE-2025-64753 MEDIUM

grist-core < 1.7.7 - Incorrect Authorization via Compare Endpoint

CVE-2025-64746 MEDIUM

Directus < 11.13.0 - Improper Access Control via Stale Field Permission References

CVE-2025-11777 LOW

Mattermost 10.5.0-10.5.11 and 10.11.0-10.11.3 - Incorrect Authorization via Add Channel Member API

CVE-2025-64707 MEDIUM

Frappe Learning 2.0.0-2.40.9 - Incorrect Authorization via Role Cache

CVE-2025-13063 HIGH

DinukaNavaratna Dee Store 1.0 - Auth Bypass

CVE-2025-65002 HIGH

Fujitsu/Fsas Technologies iRMC S6 <1.37S - Info Disclosure

CVE-2025-61830 HIGH

Adobe Pass < 3.7.3 - Incorrect Authorization

CVE-2025-11862 HIGH

Verve Asset Manager - Info Disclosure

CVE-2025-49145 HIGH

Combodo iTop < 2.7.13 - Authenticated Database Deletion via Webhook Callback

CVE-2025-12925 HIGH

rymcu forest < 2025-09-04 - Missing Authorization in UserDicController

CVE-2025-12924 MEDIUM

rymcu forest < 2025-09-07 - Missing Authorization in BankController GlobalResult

CVE-2025-12621 MEDIUM

WooCommerce Flexible Refund <1.0.42 - Info Disclosure

CVE-2025-64490 HIGH

SuiteCRM < 7.14.8 - Incorrect Authorization in Resource Calendar and Project Screens

CVE-2025-37736 HIGH

Elastic Cloud Enterprise - Privilege Escalation

CVE-2025-63687 MEDIUM

RyMCU Forest - Privilege Escalation

CVE-2025-43459 MEDIUM

Apple Watch <26.1 - Info Disclosure

CVE-2025-43397 MEDIUM

macOS < 14.8.2, < 15.7.2, < 26.1 - Denial of Service via Permissions Issue

CVE-2025-43387 HIGH

macOS <15.7.2 & <26.1 - Privilege Escalation

CVE-2025-43336 MEDIUM

macOS < 14.8.2, < 15.7.2, < 26.1 - Unprotected User Data Exposure via Permissions Issue

CVE-2025-12038 MEDIUM

Folderly <= 0.3 - Authenticated Data Modification via REST API Endpoint

CVE-2025-62275 MEDIUM

Liferay DXP 7.4.0-7.4.3.111 & 2023.Q4.0-2023.Q4.10 - Unauthenticated Image Access

CVE-2025-34273 MEDIUM

Nagios Log Server < 2024R2.0.3 - Incorrect Authorization for Global Dashboard Deletion

Previous Page 29 of 123 Next

Details

Vulnerabilities 3,063

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy