Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,064 vulnerabilities with CWE-863

CVE-2024-32643 HIGH

masacms < 7.2.8 - Incorrect Authorization via Tag URL Declaration

CVE-2024-5539 CRITICAL

ALC WebCTRL & Carrier i-Vu <8.5 - Auth Bypass

CVE-2024-58260 HIGH

Rancher 2.9.0-2.9.11, 2.10.0-2.10.9, 2.11.0-2.11.5, 2.12.0-2.12.1 - DoS via Username Field

CVE-2024-10219 MEDIUM

GitLab CE/EE <18.0.6-18.2.2 - Auth Bypass

CVE-2024-41979 HIGH

Siemens Opcenter Quality - Incorrect Authorization

CVE-2024-3511 MEDIUM

WSO2 API Manager - Incorrect Authorization via Registry Versioned File Access

CVE-2024-8270 MEDIUM

macOS Rocket.Chat - Privilege Escalation

CVE-2024-7457 HIGH

ws.stash.app.mac.daemon.helper - Privilege Escalation

CVE-2024-7097 MEDIUM

WSO2 API Manager and Identity Server - Incorrect Authorization via SOAP Admin Service

CVE-2024-7096 MEDIUM

WSO2 API Manager and Identity Server - Privilege Escalation via SOAP Admin Services

CVE-2024-6914 CRITICAL

WSO2 API Manager and Identity Server - Incorrect Authorization via Account Recovery SOAP Admin Service

CVE-2024-13947 MEDIUM

ASPECT-Enterprise <3.* - Info Disclosure

CVE-2024-10306 MEDIUM

mod_proxy_cluster - Info Disclosure

CVE-2024-12862 MEDIUM

OpenText Content Server <24.4 - Auth Bypass

CVE-2024-49808 MEDIUM

IBM Sterling Connect:Direct Web Services <6.3.0 - Auth Bypass

CVE-2024-38392 CRITICAL

Pexip Infinity Connect <1.13.0 - RCE

CVE-2024-55965 MEDIUM

Appsmith < 1.51 - Incorrect Authorization for App Viewer Role

CVE-2024-44305 HIGH

macOS < 14.6 - Privilege Escalation to Root

CVE-2024-9159 MEDIUM

gaizhenbiao chuanhuchatgpt - Unauthenticated Server Restart via Improper Admin Check

CVE-2024-9098 MEDIUM

lunary < 1.4.30 - Incorrect Authorization via User Invitation Endpoint

CVE-2024-7039 MEDIUM

open-webui v0.3.8 - Authenticated Administrator Deletion via API Endpoint

CVE-2024-10275 HIGH

lunary-ai/lunary <1.5.5 - Privilege Escalation

CVE-2024-10273 MEDIUM

lunary-ai/lunary v1.5.0 - Privilege Escalation

CVE-2024-10109 HIGH

mintplex-labs/anything-llm <5c40419 - Info Disclosure

CVE-2024-7296 LOW

GitLab 16.5-17.7.6, 17.8-17.8.4, 17.9-17.9.1 - Incorrect Authorization in Membership Approval

Previous Page 44 of 123 Next

Details

Vulnerabilities 3,064

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy