Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

2,832 vulnerabilities with CWE-863

CVE-2026-33460 MEDIUM

Incorrect Authorization in Kibana Fleet Leading to Information Disclosure

CVE-2026-27140 HIGH

Code execution vulnerability in SWIG code generation in cmd/go

CVE-2026-39381 MEDIUM

Parse Server's Endpoint `/sessions/me` bypasses `_Session` `protectedFields`

CVE-2026-39331 HIGH

ChurchCRM has an API Authorization Bypass Allows Authenticated User to Deactivate, Modify, and Spam Arbitrary Families

CVE-2026-22682 HIGH

OpenHarness Improper Access Control via File Tools

CVE-2026-35604 HIGH

File Browser share links remain accessible after Share/Download permissions are revoked

CVE-2026-35586 MEDIUM

Authorization Bypass for SSL Certificate/Key Configuration Due to Option Name Mismatch in pyload-ng

CVE-2026-35491 MEDIUM

Pi-hole FTL: CLI API sessions can import Teleporter archives and modify configuration

CVE-2026-35490 CRITICAL

changedetection.io has an Authentication Bypass via Decorator Ordering

CVE-2026-5384 MEDIUM

runZero Platform incorrect credential scope

CVE-2026-5383 MEDIUM

runZero Explorer missing authorization check

CVE-2026-5382 LOW

runZero Platform MCP endpoint information leak

CVE-2026-5381 LOW

runZero Platform task information leak

CVE-2026-5380 MEDIUM

runZero Platform cleartext secret exposure

CVE-2026-5379 LOW

runZero Platform MCP certification information leak

CVE-2026-5378 MEDIUM

runZero Platform user creation leak

CVE-2026-5374 MEDIUM

runZero Platform MCP information leak

CVE-2026-35464 HIGH

pyLoad has an incomplete fix for CVE-2026-33509: unprotected storage_folder enables arbitrary file write to Flask session store and code execution

CVE-2026-28808 CRITICAL

ScriptAlias CGI targets bypass directory auth in inets httpd (mod_auth vs mod_cgi path mismatch)

CVE-2026-35442 HIGH

Directus: Authenticated Users Can Extract Concealed Fields via Aggregate Queries

CVE-2026-35412 HIGH

Directus has a TUS Upload Authorization Bypass Allows Arbitrary File Overwrite

CVE-2026-34972 MEDIUM

OpenFGA's BatchCheck within-request deduplication produces incorrect authorization decisions via list-value cache-key collision

CVE-2026-35029 HIGH

LiteLLM affected by privilege escalation via unrestricted proxy configuration endpoint

CVE-2026-5574 MEDIUM

Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization

CVE-2026-34953 CRITICAL

PraisonAI: Authentication Bypass in OAuthManager.validate_token()

Previous Page 4 of 114 Next

Details

Vulnerabilities 2,832

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy