Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,070 vulnerabilities with CWE-863

CVE-2024-54010 LOW

HPE Aruba Networking CX 10000 Series Switches - DoS

CVE-2024-39025 HIGH

letta - Incorrect Authorization in /users Endpoint

CVE-2024-47157 LOW

Honor MagicOS 8.0-8.0.0.135 - Incorrect Authorization

CVE-2024-47148 MEDIUM

Honor <version> - Privilege Escalation

CVE-2024-56431 CRITICAL

Theora < 1.2.0 - Invalid Negative Left Shift in oc_huff_tree_unpack

CVE-2024-47102 MEDIUM

IBM AIX 7.2-7.3 and VIOS 3.1-4.1 - Denial of Service via perfstat Kernel Extension

CVE-2024-56350 MEDIUM

JetBrains TeamCity < 2024.12 - Unauthorized Project Access via Build Credentials

CVE-2024-56348 MEDIUM

JetBrains TeamCity < 2024.12 - Incorrect Authorization

CVE-2024-12831 HIGH

Arista NG Firewall - Privilege Escalation via uvm_login Incorrect Authorization

CVE-2024-12539 MEDIUM

Elasticsearch 8.16.0-8.16.1 - Incorrect Authorization Bypass of Document Level Security

CVE-2024-51479 HIGH

Next.js 9.5.5-14.2.14 - Improper Authorization via Pathname-Based Middleware Bypass

CVE-2024-54662 CRITICAL

Dante 1.4.0-1.4.3 - Privilege Escalation

CVE-2024-9654 LOW

Easy Digital Downloads 3.1-3.3.4 - Unauthenticated Improper Authorization via 'verify_guest_email' Function

CVE-2024-37775 HIGH

Sunbird DCIM dcTrack 9.1.2 - Incorrect Authorization via Ticket Location Update

CVE-2024-8650 MEDIUM

GitLab CE/EE <17.4.6-17.6.2 - Info Disclosure

CVE-2024-8116 MEDIUM

GitLab CE/EE <17.4.6-17.6.2 - Info Disclosure

CVE-2024-55662 CRITICAL

XWiki 3.3-15.10.8 - Unauthenticated Remote Code Execution via Extension Repository Application

CVE-2024-55633 MEDIUM

Apache Superset < 4.1.0 - Incorrect Authorization via SQL DML Statement

CVE-2024-10043 LOW

GitLab EE <17.4.6-17.6.2 - Info Disclosure

CVE-2024-54495 MEDIUM

macOS < 14.7.2 and < 15.2 - Unprotected User Data Exposure via Path Handling Issue

CVE-2024-53949 MEDIUM

Apache Superset <4.1.0 - Auth Bypass

CVE-2024-55579 HIGH

Qlik Sense Enterprise for Windows <November 2024 IR - Code Injection

CVE-2024-12247 MEDIUM

Mattermost 9.7.0-9.7.5 9.8.0-9.8.2 9.9.0-9.9.2 - Incorrect Authorization via Permission Scheme Update Propagation

CVE-2024-12196 MEDIUM

Devolutions Server < 2024.3.8.0 - Authenticated Incorrect Authorization in Permission Component

CVE-2024-12148 MEDIUM

Devolutions Server < 2024.3.7.0 - Authenticated Incorrect Authorization in Permission Validation

Previous Page 47 of 123 Next

Details

Vulnerabilities 3,070

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy