Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-24409 HIGH

Adobe Commerce < 2.4.4 - Incorrect Authorization

CVE-2025-24407 HIGH

Adobe Commerce < 2.4.8-beta1 - Incorrect Authorization

CVE-2025-24872 MEDIUM

SAP ABAP Platform - Privilege Escalation

CVE-2025-24869 MEDIUM

SAP NetWeaver Application Server Java - Info Disclosure

CVE-2025-24200 MEDIUM KEV

iPadOS < 15.8.4, < 16.7.11, < 17.7.5, < 18.3.1 - Authorization Bypass via USB Restricted Mode

CVE-2025-23419 MEDIUM

F5 NGINX 1.11.4-1.26.2 and NGINX Plus R28-R31 - Incorrect Authorization via TLS Session Resumption

CVE-2025-24860 MEDIUM

Apache Cassandra <4.0.15, <4.1.7 - Auth Bypass

CVE-2025-24500 HIGH

Broadcom Symantec Privileged Access Management 3.4.6-4.1.7 and 4.2.0 - Unauthenticated Information Disclosure

CVE-2025-24099 MEDIUM

macOS < 13.7.3, < 14.7.3, < 15.3 - Privilege Escalation

CVE-2025-24479 HIGH

Rockwell FactoryTalk View ME <V15 - Local Privileged Command Execution

CVE-2025-23054 MEDIUM

HPE Aruba Networking Fabric Composer 7.0.0-7.1.0 - Authenticated Incorrect Authorization

CVE-2025-23053 MEDIUM

HPE Aruba Networking Fabric Composer 7.0.0-7.1.0 - Authenticated Privilege Escalation via Web Management Interface

CVE-2025-0781 HIGH

simgear < 2020.3.19 - Unauthenticated Arbitrary File Write via Nasal Script Sandbox Bypass

CVE-2025-24141 LOW

iPadOS < 18.3 - Unauthenticated Photos Access via Locked App Bypass

CVE-2025-24121 LOW

macOS < 13.7.3, < 14.7.3, < 15.3 - Unauthorized File System Modification

CVE-2025-24114 MEDIUM

macOS < 13.7.3, < 14.7.3, < 15.3 - Unauthorized File System Modification

CVE-2025-24401 MEDIUM

Jenkins Folder-based Authorization Strategy Plugin < 217.vd5b_18537403e - Incorrect Authorization

CVE-2025-24400 MEDIUM

Jenkins Eiffel Broadcaster Plugin 2.8.0-2.10.2 - Incorrect Authorization via Credential ID Cache Key

CVE-2025-24397 MEDIUM

Jenkins GitLab Plugin < 1.9.6 - Incorrect Authorization via Global Item/Configure Permission

CVE-2025-21570 MEDIUM

Oracle Life Sciences Argus Safety 8.2.3 - Unauthenticated Incorrect Authorization in Login Component

CVE-2025-21569 MEDIUM

Oracle Hyperion Data Relationship Management 11.2.19.0.000 - Incorrect Authorization in Web Services

CVE-2025-21568 MEDIUM

Oracle Hyperion Data Relationship Management 11.2.19.0.000 - Unauthorized Data Access via Access and Security Component

CVE-2025-21567 MEDIUM

MySQL Server < 9.1.0 - Unauthorized Data Access via Privilege Misconfiguration

CVE-2025-21565 HIGH

Oracle Agile PLM Framework 9.3.6 - Unauthenticated Incorrect Authorization via HTTP

CVE-2025-21563 MEDIUM

Oracle PeopleSoft Enterprise CC Common Application Objects 9.2 - Incorrect Authorization in Run Control Management

Previous Page 42 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy