Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,070 vulnerabilities with CWE-863

CVE-2024-9098 MEDIUM

lunary < 1.4.30 - Incorrect Authorization via User Invitation Endpoint

CVE-2024-7039 MEDIUM

open-webui v0.3.8 - Authenticated Administrator Deletion via API Endpoint

CVE-2024-10275 HIGH

lunary-ai/lunary <1.5.5 - Privilege Escalation

CVE-2024-10273 MEDIUM

lunary-ai/lunary v1.5.0 - Privilege Escalation

CVE-2024-10109 HIGH

mintplex-labs/anything-llm <5c40419 - Info Disclosure

CVE-2024-7296 LOW

GitLab 16.5-17.7.6, 17.8-17.8.4, 17.9-17.9.1 - Incorrect Authorization in Membership Approval

CVE-2024-55592 LOW

FortiSIEM 5.3.0-7.2.4 - Authenticated Incorrect Authorization via Crafted HTTP Requests

CVE-2024-45328 HIGH

FortiSandbox <4.4.7 - Privilege Escalation

CVE-2024-2321 MEDIUM

WSO2 API Manager and Identity Server - Incorrect Authorization via Refresh Token

CVE-2024-5705 HIGH

Pentaho Business Analytics Server <10.2.0.0-9.3.0.9 - Privilege Esc...

CVE-2024-45081 MEDIUM

IBM Cognos Controller 11.0.0-11.0.1 FP3 & 11.1.0 - Privilege Escala...

CVE-2024-39328 MEDIUM

Atos Eviden IDRA & IDCA <2.7.0 - Privilege Escalation

CVE-2024-57969 MEDIUM

MISP < 2.4.198 - Incorrect Authorization in Attribute Search

CVE-2024-54916 MEDIUM

Telegram Android APK <11.7.0 - Privilege Escalation

CVE-2024-57434 HIGH

macrozheng mall-tiny 1.0.1 - Incorrect Access Control

CVE-2024-23929 HIGH

Pioneer DMH-WT7600NEX Firmware - Authenticated Arbitrary File Write via Telematics Path Traversal

CVE-2024-57438 MEDIUM

RuoYi 4.8.0 - Authenticated Privilege Escalation via Insecure Role Assignment

CVE-2024-41140 HIGH

ManageEngine Applications Manager <= 174000 - Incorrect Authorization in Update User Function

CVE-2024-54530 CRITICAL

Apple iPadOS < 18.2 - Incorrect Authorization in Password Autofill

CVE-2024-54512 CRITICAL

iPadOS < 18.2 - Unauthorized User Fingerprinting via System Binary

CVE-2024-54488 MEDIUM

iPhone OS < 18.2 - Unauthenticated Hidden Photos Album Access

CVE-2024-44172 LOW

macOS < 13.7.3, < 14.7.3, < 15 - Unprotected User Data Exposure via Log Entry Redaction

CVE-2024-22316 MEDIUM

IBM Sterling File Gateway <6.1.2.5, <6.2.0.1 - Privilege Escalation

CVE-2024-42013 MEDIUM

GRAU DATA Blocky <3.1 - Privilege Escalation

CVE-2024-51417 MEDIUM

System.Linq.Dynamic.Core < 1.6.0 - Unauthenticated Remote Property Access via Reflection

Previous Page 45 of 123 Next

Details

Vulnerabilities 3,070

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy