Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-43561 CRITICAL

ColdFusion 2025.1 2023.13 2021.19 and earlier - Authenticated Remote Code Execution via Authorization Bypass

CVE-2025-4646 HIGH

Centreon web <24.04.10-24.10.4 - Privilege Escalation

CVE-2025-27696 HIGH

Apache Superset <= 4.1.1 - Authenticated Ownership Takeover via Dashboard Chart or Dataset

CVE-2025-31227 MEDIUM

iPadOS < 18.5 - Unauthorized Access to Deleted Call Recordings

CVE-2025-30440 MEDIUM

macOS < 13.7.6, < 14.7.6, < 15.5 - ASLR Bypass via Incorrect Authorization

CVE-2025-46744 LOW

SEL Blueframe OS < 1.12.0 - Authenticated User Account Metadata Tampering

CVE-2025-29827 CRITICAL

Azure Automation - Privilege Escalation via Improper Authorization

CVE-2025-26842 HIGH

Znuny < 7.1.3 - Incorrect Authorization in CommunicationLog

CVE-2025-46265 HIGH

F5OS-A and F5OS-C >=1.6.0 <1.6.2 - Authenticated Incorrect Authorization

CVE-2025-36546 HIGH

F5OS-A 1.5.1-1.5.3 and F5OS-C 1.6.0-1.6.2 - Incorrect Authorization via SSH Key-Based Authentication

CVE-2025-3476 CRITICAL

OpenText Operations Bridge Manager - Privilege Escalation

CVE-2025-3272 MEDIUM

OpenText Operations Bridge Manager <24.4 - Auth Bypass

CVE-2025-3609 MEDIUM

Reales WP STPT <2.1.2 - Privilege Escalation

CVE-2025-3879 MEDIUM

HashiCorp Vault - Incorrect Authorization via Azure Auth Method Bound Location Bypass

CVE-2025-46569 HIGH

Open Policy Agent < 1.4.0 - Rego Injection via HTTP Data API Path

CVE-2025-23244 HIGH

NVIDIA GPU Display Driver - Privilege Escalation

CVE-2025-32971 LOW

XWiki 4.5.1-15.10.12, 16.0.0-rc-1-16.4.3, 16.5.0-rc-1-16.8.0-rc-1 - Incorrect Authorization in Solr Script Service

CVE-2025-40619 HIGH

Bookgy - Unauthenticated Incorrect Authorization

CVE-2025-3963 HIGH

withstars Books-Management-System 1.0 - Info Disclosure

CVE-2025-3960 HIGH

withstars Books-Management-System 1.0 - Info Disclosure

CVE-2025-3647 MEDIUM

Moodle < 4.1.18 - Incorrect Authorization in Cohort Data Access

CVE-2025-3645 MEDIUM

Moodle < 4.1.18 - Incorrect Authorization in Messaging Web Service

CVE-2025-3644 MEDIUM

Moodle < 4.1.18 - Incorrect Authorization in Course Section Deletion

CVE-2025-3861 MEDIUM

Prevent Direct Access - Protect WordPress Files <2.8.8.2 - Privileg...

CVE-2025-46544 MEDIUM

Sherpa Orchestrator 141851 - Privilege Escalation

Previous Page 38 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy