Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-24221 HIGH

iPadOS < 17.7.6 and < 18.4 - Sensitive Keychain Data Exposure via Backup

CVE-2025-31673 MEDIUM

Drupal <10.3.13-11.1.3 - Forceful Browsing

CVE-2025-30209 MEDIUM

Tuleap < 16.4-10 and < 16.5.99.1742812323 - Incorrect Authorization via FRS REST Endpoints

CVE-2025-30155 MEDIUM

Tuleap < 16.4-8 and < 16.5.99.1742392651 - Incorrect Authorization in REST API

CVE-2025-30093 HIGH

HTCondor 23.0.0-23.0.21, 23.10.1-23.10.21, 24.0.0-24.0.5, 24.6.0 - Authenticated Authorization Bypass

CVE-2025-2242 HIGH

GitLab 17.4-17.8.5, 17.9-17.9.2, 17.10 - Incorrect Authorization

CVE-2025-30741 MEDIUM

Pixelfed < 0.12.5 - Unauthenticated Incorrect Authorization

CVE-2025-30163 LOW

Cilium <1.16.8, <1.17.2 - Info Disclosure

CVE-2025-30162 LOW

Cilium 1.15.0-1.15.14, 1.16.0-1.16.7, 1.17.0-1.17.1 - Incorrect Authorization via Gateway API LoadBalancer

CVE-2025-29927 CRITICAL

Next.js Middleware Bypass

CVE-2025-30179 MEDIUM

Mattermost <10.4.2-<10.3.3-<9.11.8 - Auth Bypass

CVE-2025-27933 MEDIUM

Mattermost 9.11.0-9.11.8, 10.3.0-10.3.3, 10.4.0-10.4.2 - Incorrect Authorization in Channel Conversion

CVE-2025-27715 LOW

Mattermost 9.11.0-9.11.8 - Incorrect Authorization via Permalink

CVE-2025-25274 MEDIUM

Mattermost <10.4.2-<10.3.3-<9.11.8 - Command Injection

CVE-2025-24920 MEDIUM

Mattermost 9.11.0-9.11.8, 10.3.0-10.3.3, 10.4.0-10.4.2, 10.5.0 - Incorrect Authorization in Bookmark Management

CVE-2025-26853 CRITICAL

DESCOR INFOCAD < 3.5.2.0 - Missing Authorization

CVE-2025-29924 HIGH

XWiki Platform <15.10.14, 16.4.6, 16.10.0-rc-1 - Info Disclosure

CVE-2025-1472 MEDIUM

Mattermost 9.11.0-9.11.8 - Incorrect Authorization for Viewer Role

CVE-2025-25040 LOW

HPE Aruba Networking CX 9300 - Privilege Escalation

CVE-2025-27512 LOW

Zincati <0.0.24 - Privilege Escalation

CVE-2025-2202 MEDIUM

Innovación y Cualificación Plugin - Info Disclosure

CVE-2025-2201 MEDIUM

IcProgress Innovación y Cualificación - Info Disclosure

CVE-2025-30074 HIGH

Alludo Parallels Desktop <19.4.2, <20.2.2 - Privilege Escalation

CVE-2025-27138 CRITICAL

DataEase < 2.10.6 - Unauthenticated Unauthorized Access via TokenFilter

CVE-2025-29997 HIGH

CAP Back Office - Privilege Escalation

Previous Page 40 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy