Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2025-21562 MEDIUM

Oracle PeopleSoft Enterprise CC Common Application Objects 9.2 - Unauthorized Data Access via Run Control Management

CVE-2025-21561 MEDIUM

Oracle PeopleSoft Enterprise SCM Purchasing 9.2 - Incorrect Authorization

CVE-2025-21560 MEDIUM

Oracle Agile PLM Framework 9.3.6 - Unauthorized Data Access via SDK

CVE-2025-21558 MEDIUM

Oracle Primavera P6 EPPM 20.12.1.0-21.12.20.0 Incorrect Authorization via Web Access

CVE-2025-21557 MEDIUM

Oracle Application Express 23.2 and 24.1 - Incorrect Authorization via HTTP

CVE-2025-21556 CRITICAL

Oracle Agile PLM Framework 9.3.6 - Incorrect Authorization via Agile Integration Services

CVE-2025-21555 MEDIUM

MySQL Server < 8.0.40 - Authenticated Denial of Service and Unauthorized Data Manipulation in InnoDB

CVE-2025-21554 MEDIUM

Oracle Communications Order and Service Management 7.4.0, 7.4.1, 7.5.0 - Unauthenticated Unauthorized Data Access

CVE-2025-21553 MEDIUM

Oracle Java VM 19.3-19.25, 21.3-21.16, 23.4-23.6 - Unauthorized Data Access via Oracle Net

CVE-2025-21546 LOW

MySQL Server < 8.0.40, 8.4.3, 9.1.0 - Authenticated Incorrect Authorization in Privilege Management

CVE-2025-21540 MEDIUM

MySQL Server < 8.0.40, <= 8.4.3, 9.1.0 - Authenticated Incorrect Authorization in Privilege Handling

CVE-2025-21539 MEDIUM

Oracle PeopleSoft Enterprise FIN eSettlements 9.2 - Incorrect Authorization via HTTP

CVE-2025-21537 MEDIUM

PeopleSoft Enterprise FIN Cash Management 9.2 - Incorrect Authorization

CVE-2025-21533 MEDIUM

Oracle VM VirtualBox < 7.0.24 and < 7.1.6 - Unauthorized Data Access via Core Component

CVE-2025-21519 MEDIUM

MySQL Server < 8.0.40, <= 8.4.3, 9.1.0 - Authenticated Denial of Service in Privilege Handling

CVE-2025-21517 MEDIUM

Oracle JD Edwards EnterpriseOne Tools < 9.2.9.0 - Unauthorized Data Manipulation via Web Runtime SEC

CVE-2025-21516 HIGH

Oracle E-Business Suite 12.2.5-12.2.13 - Authenticated Incorrect Authorization in Service Requests

CVE-2025-21506 HIGH

Oracle E-Business Suite 12.2.3-12.2.13 - Authenticated Incorrect Authorization in Technology Foundation

CVE-2025-21502 MEDIUM

Oracle GraalVM - Incorrect Authorization

CVE-2025-24460 MEDIUM

JetBrains TeamCity < 2024.12.1 - Unauthenticated Project Name Disclosure via Agent Pool

CVE-2025-0580 MEDIUM

Shiprocket Module 3 on OpenCart - Auth Bypass

CVE-2025-21403 MEDIUM

Microsoft On-Premises Data Gateway < 3000.246 - Information Disclosure

CVE-2025-22449 LOW

Mattermost 9.11.0-9.11.5 - Incorrect Authorization via Team Public Setting

CVE-2025-0237 MEDIUM

Firefox <134, Thunderbird <128.6 - Privilege Escalation

CVE-2024-47272 LOW

Synology Surveillance Station - Incorrect Authorization

Previous Page 43 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy