Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-43197 MEDIUM

macOS < 13.7.7, < 14.7.7, < 15.6 - Unprotected User Data Exposure via Missing Entitlement Checks

CVE-2025-53902 MEDIUM

Tuleap <16.9.99.1752585665, <16.8-6, <16.9-5 - Info Disclosure

CVE-2025-54533 MEDIUM

JetBrains TeamCity < 2025.07 - Unauthenticated Build Settings Disclosure via VCS Configuration

CVE-2025-54532 MEDIUM

JetBrains TeamCity < 2025.07 - Unauthenticated Build Settings Disclosure via Snapshot Dependencies

CVE-2025-54569 MEDIUM

Malwarebytes Binisoft Windows Firewall Control <6.16.0.0 - Privileg...

CVE-2025-54596 MEDIUM

Abnormal Security /v1.0/rbac/users_v2/ - Privilege Escalation

CVE-2025-0765 MEDIUM

GitLab CE/EE <18.0.5-18.2.1 - Info Disclosure

CVE-2025-6018 HIGH

pam-config - Local Privilege Escalation via Polkit Bypass

CVE-2025-29757 CRITICAL

Growatt Cloud - Privilege Escalation

CVE-2025-53943 HIGH

VoidBot Open-Source <1.0.0 - Privilege Escalation

CVE-2025-6981 MEDIUM

GitHub Enterprise Server < 3.14.5 - Unauthorized Internal Repository Read Access via Contractors API

CVE-2025-50086 MEDIUM

MySQL 8.0.0-8.0.42, 8.4.0-8.4.5, 9.0.0-9.3.0 - Authenticated Denial of Service in Server Components Services

CVE-2025-50085 MEDIUM

MySQL 8.0.0-8.0.42, 8.4.0-8.4.5, 9.0.0-9.3.0 - DoS and Data Manipulation in InnoDB

CVE-2025-50084 MEDIUM

MySQL 8.0.0-8.0.42, 8.4.0-8.4.5, 9.0.0-9.3.0 - Authenticated Denial of Service in Server Optimizer

CVE-2025-30751 HIGH

Oracle Database Server 19.27 and 23.4-23.8 - Authenticated Database Takeover via Oracle Net

CVE-2025-30750 LOW

Oracle Database Server 19.3-19.27, 21.3-21.18, 23.4-23.8 - Authenticated Unauthorized Data Manipulation in Unified Audit

CVE-2025-30748 MEDIUM

Oracle PeopleSoft Enterprise PeopleTools 8.60-8.62 - Unauthenticated Incorrect Authorization via PIA Core Technology

CVE-2025-30747 MEDIUM

Oracle PeopleSoft Enterprise PeopleTools 8.60-8.62 - Unauthenticated Unauthorized Data Access via PIA Core Technology

CVE-2025-30744 HIGH

Oracle Mobile Field Service 12.2.3-12.2.13 - Incorrect Authorization via Multiplatform Sync Errors

CVE-2025-30743 HIGH

Oracle Lease and Finance Management 12.2.13 - Unauthorized Data Access and Modification via Internal Operations

CVE-2025-30739 MEDIUM

Oracle CRM Technical Foundation 12.2.11-12.2.13 - Authenticated Incorrect Authorization in Preferences

CVE-2025-53895 HIGH

ZITADEL <4.0.0-rc.2, 3.3.2, 2.71.13, 2.70.14 - Privilege Escalation

CVE-2025-53836 CRITICAL

XWiki Rendering <13.10.11-14.4.7-14.10 - RCE

CVE-2025-5199 HIGH

Canonical Multipass <= 1.15.1 - Privilege Escalation via Launch Daemon File Modification

CVE-2025-6549 MEDIUM

Juniper Networks Junos OS - Auth Bypass

Previous Page 34 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy