Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-8886 MEDIUM

Usta Information Systems Inc. Aybs Interaktif - Privilege Escalation

CVE-2025-7374 MEDIUM

WP JobHunt <= 7.6 - Authenticated Authorization Bypass via Inactive Account Login

CVE-2025-11340 HIGH

GitLab EE <18.3.4-18.4.2 - Privilege Escalation

CVE-2025-11439 MEDIUM

JhumanJ OpnForm <1.9.3 - Auth Bypass

CVE-2025-11438 MEDIUM

JhumanJ OpnForm <1.9.3 - Auth Bypass

CVE-2025-44824 HIGH

Nagios Log Server < 2024R1.3.2 - Authenticated Denial of Service via Elasticsearch Stop API

CVE-2025-3719 HIGH

Nozomi Networks CMC and Guardian < 25.2.0 - Authenticated Privilege Escalation via CLI Command Execution

CVE-2025-59451 LOW

YoSmart YoLink <2025-10-02 - Info Disclosure

CVE-2025-59449 MEDIUM

YoSmart YoLink MQTT broker <2025-10-02 - SSRF

CVE-2025-10696 MEDIUM

OpenSupports 4.11.0 - Incorrect Authorization via Supervised Users Endpoint

CVE-2025-49641 MEDIUM

Zabbix 6.0.0-6.0.40 - Incorrect Authorization via problem.view.refresh Action

CVE-2025-27236 MEDIUM

Zabbix 6.0.38-6.0.41 - Incorrect Authorization via User Search API

CVE-2025-11239 MEDIUM

KNIME Business Hub <1.16.0 - Info Disclosure

CVE-2025-41246 HIGH

VMware Tools for Windows - Privilege Escalation

CVE-2025-11060 MEDIUM

SurrealDB 2.3.0-2.3.7 - Incorrect Authorization via LIVE SELECT Subscription

CVE-2025-59824 MEDIUM

Omni < 0.48.0 - Incorrect Authorization via WireGuard SideroLink

CVE-2025-43806 MEDIUM

Liferay Digital Experience Platform 2023.Q3.1-2023.Q3.10 - Authenticated Incorrect Authorization in Batch Engine

CVE-2025-59420 HIGH

Authlib < 1.6.4 - Insufficient Verification of Data Authenticity via Critical Header Parameter Bypass

CVE-2025-59714 MEDIUM

Internet2 Grouper 5.17.1-5.20.5 - Incorrect Authorization in Loader Job Configuration

CVE-2025-10016 HIGH

Sparkle framework - Privilege Escalation

CVE-2025-10015 MEDIUM

Sparkle < 2.7.2 - Unauthenticated Incorrect Authorization via XPC Service Registration

CVE-2025-43307 MEDIUM

macOS < 26 - Unauthorized Sensitive User Data Access

CVE-2025-31254 MEDIUM

Safari < 26.0 - Unexpected URL Redirection via Malicious Web Content

CVE-2025-59376 LOW

feisky mcp-kubernetes-server < 0.1.11 - Command Injection via Chained Command Bypass

CVE-2025-43789 MEDIUM

Liferay DXP 2024.Q1.1-2024.Q1.9 & 7.4.0-7.4.3.119 - Incorrect Authorization in JSON WS

Previous Page 31 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy