Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-49825 CRITICAL

Teleport <= 17.5.1 - Unauthenticated Remote Authentication Bypass

CVE-2025-3880 MEDIUM

Opinion Stage Poll, Survey & Quiz Maker <= 19.9.0 - Authenticated Data Modification via Capability Check

CVE-2025-49586 HIGH

XWiki 7.3-16.4.6 - Authenticated Remote Code Execution via App Within Minutes Application Edit

CVE-2025-6003 MEDIUM

WordPress SSO <*.5.3 - Info Disclosure

CVE-2025-48446 HIGH

Drupal Commerce Alphabank Redirect <1.0.3 - Auth Bypass

CVE-2025-48445 HIGH

Drupal Commerce Eurobank (Redirect) <2.1.1 - Functionality Misuse

CVE-2025-4128 LOW

Mattermost 9.11.0-9.11.13 and 10.5.0-10.5.4 - Incorrect Authorization via Teams API

CVE-2025-36578 MEDIUM

Dell Wyse Management Suite < 5.2 - Incorrect Authorization

CVE-2025-40568 MEDIUM

RUGGEDCOM RST2428P - Path Traversal

CVE-2025-40567 MEDIUM

RUGGEDCOM RST2428P - Path Traversal

CVE-2025-40670 HIGH

TCMAN GIM v11 - Unauthenticated Incorrect Authorization via /PC/frmGestionUser.aspx/updateUser

CVE-2025-40669 MEDIUM

TCMAN GIM v11 - Unauthenticated Incorrect Authorization via POST Request to /PC/Options.aspx

CVE-2025-40668 MEDIUM

TCMAN GIM v11 - Incorrect Authorization via Password Change Endpoint

CVE-2025-49599 MEDIUM

Huawei EG8141A5 <V5R019C00S100 - Privilege Escalation

CVE-2025-48935 CRITICAL

Deno 2.2.0-2.2.5 - Incorrect Authorization via ATTACH DATABASE Statement

CVE-2025-48888 MEDIUM

Deno <2.1.13, <2.2.13, <2.3.2 - Info Disclosure

CVE-2025-21479 HIGH KEV

Qualcomm AQT1000 and FastConnect Firmware - Memory Corruption via Unauthorized GPU Micronode Command Execution

CVE-2025-21480 HIGH KEV

Qualcomm AQT1000 and FastConnect Firmware - Memory Corruption via Unauthorized GPU Micronode Command Execution

CVE-2025-3260 HIGH

Grafana API <v2alpha1 - Auth Bypass

CVE-2025-20674 CRITICAL

OpenWrt - Unauthenticated Arbitrary Packet Injection via Missing Permission Check

CVE-2025-48948 MEDIUM

navidrome < 0.56.0 - Authenticated Incorrect Authorization via Transcoding Configuration

CVE-2025-3611 LOW

Mattermost 9.11.0-9.11.12 10.5.0-10.5.3 10.7.0 - Authenticated Incorrect Authorization via Team API Endpoint

CVE-2025-1792 LOW

Mattermost <10.7.0, <10.5.3, <9.11.12 - Info Disclosure

CVE-2025-48881 HIGH

Valtimo <12.12.0.RELEASE - Info Disclosure

CVE-2025-48757 CRITICAL

Lovable <2025-04-15 - Info Disclosure

Previous Page 36 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy