Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-43784 MEDIUM

Liferay Portal 7.4.0-7.4.3.124 & DXP 2024.Q1.1-2024.Q2.8 - Unauthenticated Information Disclosure via API Builder

CVE-2025-58134 MEDIUM

Zoom Meeting SDK < 6.5.0 - Authenticated Integrity Impact via Network Access

CVE-2025-54246 MEDIUM

Adobe Experience Manager < 6.5.23.0 and < 2025.8.0 - Security Feature Bypass via Incorrect Authorization

CVE-2025-48042 HIGH

ash < 3.5.39 - Incorrect Authorization in Bulk Action Handlers

CVE-2025-48523 HIGH

Android - Incorrect Authorization in SelectAccountActivity

CVE-2025-32333 HIGH

Android - Local Privilege Escalation via SpaActivity Logic Error

CVE-2025-26442 MEDIUM

Android - Local Information Disclosure via NotificationAccessConfirmationActivity Logic Error

CVE-2025-26436 HIGH

Android - Local Privilege Escalation via Background Activity Launch Bypass

CVE-2025-23262 MEDIUM

NVIDIA ConnectX - Privilege Escalation

CVE-2025-23256 HIGH

NVIDIA BlueField - Privilege Escalation

CVE-2025-22428 HIGH

Android - Incorrect Authorization in AppInfoBase.java

CVE-2025-9835 MEDIUM

macrozheng mall < 1.0.3 - Authorization Bypass via Order Cancellation

CVE-2025-7974 HIGH

rocket.chat 7.4.0-7.4.3 - Unauthenticated Information Disclosure via Incorrect Authorization

CVE-2025-41031 MEDIUM

Deporsite < 02.14.1115 - Unauthenticated Profile Picture Modification via FotoUsuario Endpoint

CVE-2025-41030 MEDIUM

Deporsite < 02.14.1115 - Unauthenticated Information Disclosure via DNI Parameter

CVE-2025-3586 HIGH

Liferay DXP 2023.Q3.1-2023.Q3.10 Authenticated RCE via Groovy Script

CVE-2025-55177 MEDIUM KEV

WhatsApp for iOS < 2.25.21.73 and WhatsApp Business for iOS < 2.25.21.78 - Incomplete Authorization

CVE-2025-54877 MEDIUM

Tuleap < 16.9-8 and < 16.10.99.1754050155 - Incorrect Authorization in Artifact Field Access

CVE-2025-9602 MEDIUM

RockOA < 2.6.9 - Improper Authorization via publicsaveAjax Function

CVE-2025-25010 MEDIUM

Kibana 9.0.0-9.0.5 - Incorrect Authorization via Reporting User Role

CVE-2025-9376 MEDIUM

Block Bad Bots <= 11.58 - Unauthenticated Incorrect Authorization

CVE-2025-5187 MEDIUM

Kubernetes 1.31.0-1.31.10, 1.32.0-1.32.6, 1.33.0-1.33.2 - Incorrect Authorization via NodeRestriction

CVE-2025-1501 MEDIUM

Nozomi Networks CMC < 25.1.0 - Authenticated Incorrect Authorization in Request Trace and Download Trace

CVE-2025-36157 CRITICAL

IBM Jazz Foundation 7.0.2-7.0.3, 7.1.0 - Unauthenticated Incorrect Authorization via Server Property File Update

CVE-2025-53971 LOW

Mattermost 9.11.0-9.11.17 and 10.5.0-10.5.8 - Incorrect Authorization via Team Scheme Role Modification API

Previous Page 32 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy