Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

2,832 vulnerabilities with CWE-863

CVE-2026-40515 HIGH

OpenHarness Permission Bypass via grep and glob root argument

CVE-2026-24749 MEDIUM

Silverstripe Assets Module has a DBFile::getURL() permission bypass

CVE-2026-39350 MEDIUM

Istio AuthorizationPolicy Incorrect Regex Matching of Dots in serviceAccounts Fields Allows Policy Bypass

CVE-2026-33888 MEDIUM

ApostropheCMS: publicApiProjection Bypass via `project` Query Builder in Piece-Type REST API

CVE-2026-6383 MEDIUM

Kubevirt: kubevirt: unauthorized subresource access due to improper rbac evaluation

CVE-2026-4857 HIGH

SailPoint IdentityIQ Debug UI Incorrect Authorization

CVE-2026-6290 HIGH

Velociraptor Query() Plugin Misapplies Permissions To Orgs

CVE-2026-40291 HIGH

Chamilo LMS has Privilege Escalation via API User Role Modification

CVE-2026-24069 MEDIUM

Improper Enforcement of Disabled Accounts in WebUI SSO in Kiuwan SAST

CVE-2026-40191 MEDIUM

ClearanceKit has a policy bypass via dual-path Endpoint Security events checking only source path

CVE-2026-35657 MEDIUM

OpenClaw < 2026.3.25 - Authorization Bypass in HTTP Session History Route

CVE-2026-35653 HIGH

OpenClaw < 2026.3.24 - Incorrect Authorization in POST /reset-profile via browser.request

CVE-2026-35619 MEDIUM

OpenClaw < 2026.3.24 - Authorization Bypass via HTTP /v1/models Endpoint

CVE-2026-35596 MEDIUM

Vikunja has Broken Access Control on Label Read via SQL Operator Precedence Bug

CVE-2026-40224 MEDIUM

Systemd < 260 - Privilege Escalation

CVE-2026-33551 LOW

OpenStack Keystone <26.1.1 - Privilege Escalation

CVE-2026-2712 MEDIUM

WP-Optimize <= 4.5.0 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update and Image Manipulation

CVE-2026-35645 HIGH

OpenClaw < 2026.3.25 - Privilege Escalation via Synthetic operator.admin in deleteSession

CVE-2026-35635 MEDIUM

OpenClaw < 2026.3.22 - Webhook Path Route Replacement Vulnerability in Synology Chat

CVE-2026-34512 HIGH

OpenClaw < 2026.3.25 - Improper Access Control in /sessions/:sessionKey/kill Endpoint

CVE-2026-40071 MEDIUM

pyLoad WebUI JSON permission mismatch lets ADD/DELETE users invoke MODIFY-only actions

CVE-2026-39957 MEDIUM

Lychee has Broken Access Control in SharingController::listAll() leaks private album sharing metadata to unauthorized users

CVE-2026-2619 MEDIUM

Incorrect Authorization in GitLab

CVE-2026-1752 MEDIUM

Incorrect Authorization in GitLab

CVE-2026-33461 HIGH

Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

Previous Page 3 of 114 Next

Details

Vulnerabilities 2,832

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy