Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-0652 MEDIUM

GitLab EE/CE <17.7.7-17.9.2 - Info Disclosure

CVE-2025-27602 MEDIUM

Umbraco CMS < 10.8.9 - Authenticated Improper Authorization via Backoffice API URL Manipulation

CVE-2025-27601 MEDIUM

Umbraco CMS <14.3.3 & Umbraco.Cms.Api.Management 15.0.0-rc1-15.2.3 - Authenticated Improper Authorization

CVE-2025-27822 HIGH

Masquerade module <1.x-1.0.1 - Privilege Escalation

CVE-2025-2045 MEDIUM

GitLab 17.7.0-17.7.5, 17.8.0-17.8.3, 17.9.0 - Incorrect Authorization

CVE-2025-1540 LOW

GitLab 17.5-17.6.4, 17.7-17.7.3, 17.8-17.8.1 - Incorrect Authorization for External Users

CVE-2025-2003 HIGH

Devolutions Server < 2024.3.13.0 - Authenticated Incorrect Authorization in PAM Vaults

CVE-2025-27645 CRITICAL

Vasion Print < 20.0.2368 and Virtual Appliance < 22.0.933 - Insecure Extension Installation via HTTP Permission Methods

CVE-2025-0360 HIGH

Axis Communication - Privilege Escalation

CVE-2025-0359 HIGH

AXIS OS 11.11.0-11.11.134 and AXIS OS 2024 < 11.11.135 - Incorrect Authorization in ACAP Application Framework

CVE-2025-26532 LOW

Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Incorrect Authorization in Glossary Entry Restoration

CVE-2025-26531 LOW

Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Incorrect Authorization in Badge Management

CVE-2025-26526 MEDIUM

Moodle 4.1.0-4.1.15 and 4.5.0-beta-4.5.1 - Incorrect Authorization in Feedback Activity

CVE-2025-24526 MEDIUM

Mattermost 9.11.0-9.11.7 10.1.0-10.1.3 10.2.0-10.2.2 10.3.0-10.3.2 10.4.0-10.4.1 - Incorrect Authorization

CVE-2025-27089 MEDIUM

Directus 11.0.0-11.1.1 - Incorrect Authorization via Overlapping Update Policies

CVE-2025-26511 HIGH

Instaclustr Cassandra-Lucene-Index Plugin 4.0-rc1-1.0.0-4.0.16-1.0.0 & 4.1.2-1.0.0-4.1.8-1.0.0 Privilege Escalation

CVE-2025-0937 HIGH

Nomad 1.0.0-1.7.17 and 1.8.0-1.9.5 - Incorrect Authorization via Wildcard Namespace Event Stream

CVE-2025-1214 MEDIUM

PiHome maxair - Missing Authorization in Role-Based Access Control via /user_accounts.php?uid

CVE-2025-0516 MEDIUM

GitLab CE/EE <17.7.4-17.8.2 - Privilege Escalation

CVE-2025-24437 MEDIUM

Adobe Commerce 2.4.7-p3 2.4.6-p8 2.4.5-p10 2.4.4-p11 2.4.8-beta1 and earlier - Incorrect Authorization

CVE-2025-24436 MEDIUM

Adobe Commerce 2.4.4-p11 2.4.5-p10 2.4.6-p8 2.4.7-p3 2.4.8-beta1 - Incorrect Authorization

CVE-2025-24434 CRITICAL

Adobe Commerce <=2.4.8-beta1 Incorrect Authorization Privilege Escalation

CVE-2025-24421 MEDIUM

Adobe Commerce <= 2.4.8-beta1, <= 2.4.7-p3, <= 2.4.6-p8, <= 2.4.5-p10, <= 2.4.4-p11 - Incorrect Authorization

CVE-2025-24420 MEDIUM

Adobe Commerce < 2.4.8-beta1 - Incorrect Authorization

CVE-2025-24419 MEDIUM

Adobe Commerce < 2.4.8-beta1 - Incorrect Authorization

Previous Page 41 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy