Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-6168 LOW

GitLab 18.0.0-18.0.3 - Authenticated Group Invitation Restriction Bypass via Crafted API Requests

CVE-2025-4972 LOW

GitLab 18.0.0-18.0.3 - Authenticated Invitation Restriction Bypass via Group Invitation Manipulation

CVE-2025-3396 MEDIUM

GitLab EE <17.11.6, <18.0.4, <18.1.2 - Auth Bypass

CVE-2025-49536 HIGH

ColdFusion <= 2025.2, 2023.14, 2021.20 - Incorrect Authorization

CVE-2025-21450 CRITICAL

Qualcomm AR8035 and FastConnect Firmware - Cryptographic Issue via Insecure Download Connection

CVE-2025-20999 MEDIUM

Samsung Android - Incorrect Authorization in Wi-Fi Password Access

CVE-2025-20300 MEDIUM

Splunk Enterprise <9.4.2, 9.3.5, 9.2.6, 9.1.9 - Info Disclosure

CVE-2025-26850 CRITICAL

Quest KACE SMA <14.0.97, <14.1.19 - Privilege Escalation

CVE-2025-0885 LOW

OpenText GroupWise 7-17.5,23.4,24.1-24.4 - Auth Bypass

CVE-2025-32462 LOW

sudo < 1.9.17p1 - Incorrect Authorization via Host Specification Bypass

CVE-2025-47871 MEDIUM

Mattermost 9.11.0-9.11.15 10.5.0-10.5.5 10.6.0-10.6.5 10.7.0-10.7.2 10.8.0 - Authenticated Information Disclosure

CVE-2025-46702 MEDIUM

Mattermost <10.5.5-10.8.0 - Privilege Escalation

CVE-2025-53391 CRITICAL

Debian zuluPolkit/CMakeLists.txt - Privilege Escalation

CVE-2025-6702 MEDIUM

linlinjava litemall 1.8.0 - Incorrect Privilege Assignment via wx/comment/post adminComment Parameter

CVE-2025-6707 MEDIUM

MongoDB 5.0.0-5.0.30 - Authenticated Privilege Escalation via Stale Privilege Execution

CVE-2025-5822 HIGH

Autel MaxiCharger AC Wallbox - Privilege Escalation

CVE-2025-49550 MEDIUM

Adobe Commerce - Incorrect Authorization leading to Security Feature Bypass

CVE-2025-49549 LOW

Adobe Commerce <= 2.4.8 - Incorrect Authorization

CVE-2025-52890 HIGH

Incus 6.12-6.13 - Incorrect Authorization via ACL Bypass in Bridge Device Rules

CVE-2025-48466 HIGH

Advantech WISE-4000 LAN Modbus TCP - Unauthenticated Digital Output Manipulation

CVE-2025-52918 MEDIUM

Yealink RPS < 2025-05-26 - Incorrect Authorization via OpenAPI Access

CVE-2025-52487 HIGH

Dnnsoftware Dotnetnuke < 10.0.1 - Incorrect Authorization

CVE-2025-3228 MEDIUM

Mattermost <10.5.5-10.8.0 - Info Disclosure

CVE-2025-3227 MEDIUM

Mattermost <10.5.5-10.8.0 - Privilege Escalation

CVE-2025-5071 HIGH

WordPress AI Engine <2.8.3 - Privilege Escalation

Previous Page 35 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy