Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-34273 MEDIUM

Nagios Log Server < 2024R2.0.3 - Incorrect Authorization for Global Dashboard Deletion

CVE-2025-62795 HIGH

fit2cloud jumpserver < 3.10.21 - Authenticated Incorrect Authorization via LDAP WebSocket Endpoint

CVE-2025-12082 HIGH

Drupal CivicTheme Design System < 1.12.0 - Incorrect Authorization

CVE-2025-62259 MEDIUM

Liferay Portal 7.4.0-7.4.3.109 & DXP 2023.Q3.1-2023.Q3.4 - Unauthenticated API Access

CVE-2025-11971 MEDIUM

GitLab 10.6.0-18.3.4, 18.4.0-18.4.2, 18.5.0 - Authenticated Unauthorized Pipeline Execution via Commit Manipulation

CVE-2025-11888 LOW

ShopEngine Elementor WooCommerce Builder Addon - Info Disclosure

CVE-2025-59048 HIGH

OpenBao AWS Plugin < 0.1.1 - Cross-Account IAM Role Impersonation via Duplicate Role Name

CVE-2025-62394 MEDIUM

Moodle 4.5.0-4.5.6 and 5.0.0-beta-5.0.2 - Incorrect Authorization in Quiz Notification

CVE-2025-62651 MEDIUM

Restaurant Brands International Assistant < 2025-09-06 - Incorrect Authorization in Bathroom Rating Interface

CVE-2025-62648 MEDIUM

Restaurant Brands International Assistant < 2025-09-06 - Incorrect Authorization

CVE-2025-62647 MEDIUM

Restaurant Brands International Assistant < 2025-09-06 - Incorrect Authorization via JWT AWS Upload URL Generation

CVE-2025-48044 HIGH

ash 3.6.3-3.7.1 - Authentication Bypass via Policy Expression Handling

CVE-2025-6892 HIGH

Moxa EDR-G9010/EDR-8010/EDF-G1002-BP/TN-4900/NAT-102/NAT-108/OnCell G4302-LTE4 - Incorrect API Authorization

CVE-2025-62506 HIGH

MinIO < RELEASE.2025-10-15T17-29-55Z - Privilege Escalation via IAM Policy Validation Bypass

CVE-2025-9955 MEDIUM

WSO2 Enterprise Integrator - Incorrect Authorization in SOAP Admin Services

CVE-2025-10611 CRITICAL

WSO2 API Control Plane and API Manager - Incorrect Authorization via REST API Bypass

CVE-2025-10545 LOW

Mattermost 10.5.0-10.5.10 and 10.11.0-10.11.2 - Incorrect Authorization via Channel Member Endpoint

CVE-2025-54267 MEDIUM

Adobe Commerce 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier - Incorrect Authorization

CVE-2025-54265 MEDIUM

Adobe Commerce <=2.4.9-alpha2 - Incorrect Authorization leading to Unauthorized Read Access

CVE-2025-54263 HIGH

Adobe Commerce 2.4.9-alpha2 2.4.8-p2 2.4.7-p7 2.4.6-p12 2.4.5-p14 2.4.4-p15 and earlier - Incorrect Authorization

CVE-2025-42939 MEDIUM

SAP S/4HANA - Authenticated Incorrect Authorization via Request Parameter Tampering

CVE-2025-62243 MEDIUM

Liferay DXP 2023.Q3.1-2023.Q3.8 - Authenticated IDOR in Publications Comments

CVE-2025-11581 MEDIUM

PowerJob < 5.1.2 - Missing Authorization in OpenAPIController

CVE-2025-11580 MEDIUM

PowerJob < 5.1.2 - Unauthenticated Missing Authorization in /user/list Endpoint

CVE-2025-48043 HIGH

ash < 3.6.2 - Authentication Bypass via Incorrect Authorization in Authorizer

Previous Page 30 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy