Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-41423 LOW

Mattermost 9.11.0-9.11.10 10.4.0-10.4.2 10.5.0 - Unauthenticated Post Deletion via Playbooks Signal Keywords Endpoint

CVE-2025-43922 HIGH

FileWave Windows <16.0.0 - Privilege Escalation

CVE-2025-32408 LOW

Soffid Console <3.6.32 - Privilege Escalation

CVE-2025-3838 MEDIUM

Saviynt OVA based Connect - Improper Authorization and Weak Credential Hashing

CVE-2025-43921 MEDIUM

GNU Mailman 2.1.1-2.1.38 - Unauthenticated List Creation via /mailman/create Endpoint

CVE-2025-43917 HIGH

Pritunl Client <1.3.4220.57 - Privilege Escalation

CVE-2025-32796 MEDIUM

Dify < 0.6.12 - Improper Access Control via API

CVE-2025-3453 MEDIUM

Password Protected <2.7.7 - Info Disclosure

CVE-2025-2564 MEDIUM

Mattermost 9.11.0-9.11.9 and 10.5.0-10.5.1 - Authenticated Incorrect Authorization in Archived Channel Access Control

CVE-2025-27571 MEDIUM

Mattermost 9.11.0-9.11.9, 10.4.0-10.4.3, 10.5.0-10.5.1 - Incorrect Authorization in Archived Channel Metadata

CVE-2025-24839 LOW

Mattermost 9.11.0-9.11.9 and 10.5.0-10.5.1 - Incorrect Authorization via Wrangler Plugin Override

CVE-2025-30703 LOW

MySQL Server 8.0.0-8.0.41, 8.4.0-8.4.4, 9.0.0-9.2.0 - Authenticated Unauthorized Data Manipulation in InnoDB

CVE-2025-21582 MEDIUM

Oracle CRM Technical Foundation 12.2.3-12.2.14 - Unauthenticated Incorrect Authorization in Preferences

CVE-2025-2424 LOW

Mattermost <10.5.2 - Info Disclosure

CVE-2025-32093 MEDIUM

Mattermost 9.11.0-9.11.9, 10.4.0-10.4.3, 10.5.0-10.5.1 - Incorrect Authorization via Granular Admin Permission

CVE-2025-32068 MEDIUM

Mediawiki - OAuth Extension <1.44 - Auth Bypass

CVE-2025-24866 LOW

Mattermost <9.11.8 - Info Disclosure

CVE-2025-26330 HIGH

Dell PowerScale OneFS 9.4.0-9.10.0.1 - Unauthenticated Incorrect Authorization

CVE-2025-3475 MEDIUM

Drupal WEB-T < 1.1.0 - Excessive Resource Allocation and Content Spoofing

CVE-2025-27188 MEDIUM

Adobe Commerce < 2.4.4 - Improper Authorization

CVE-2025-31331 MEDIUM

SAP NetWeaver - Authenticated Incorrect Authorization via ABAP Transaction

CVE-2025-31481 HIGH

API Platform Core 3.4.0-3.4.16 and 4.0.0-alpha.1-4.0.21 - Incorrect Authorization via Relay Node Type

CVE-2025-27427 MEDIUM

Apache ActiveMQ Artemis - Privilege Escalation

CVE-2025-30469 LOW

iPadOS < 18.4 - Unauthenticated Photo Access from Lock Screen

CVE-2025-24233 CRITICAL

macOS < 13.7.5, < 14.7.5, < 15.4 - Unauthorized File Access via Permissions Issue

Previous Page 39 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy