Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,070 vulnerabilities with CWE-863

CVE-2024-9693 HIGH

GitLab 16.0-17.3.6, 17.4-17.4.3, 17.5-17.5.1 - Incorrect Authorization for Kubernetes Agent Access

CVE-2024-45877 MEDIUM

baltic-it TOPqw Webportal v1.35.283.2 - Privilege Escalation

CVE-2024-8001 MEDIUM

VIWIS LMS 9.11 - Missing Authorization in Print Handler

CVE-2024-50310 HIGH

SIMATIC CP 1543-1 Firmware 4.0.44-4.0.50 - Unauthenticated Filesystem Access via Incorrect Authorization

CVE-2024-43433 MEDIUM

Moodle 4.3.0-4.3.5 and 4.4.0-4.4.1 - Incorrect Authorization in Matrix Room Membership

CVE-2024-42000 LOW

Mattermost 9.5.0-9.5.9, 9.10.0-9.10.2, 9.11.0-9.11.1, 10.0.0 - Incorrect Authorization via /api/v4/channels

CVE-2024-52314 MEDIUM

data.all 1.0.0-2.6.0 - Unauthorized Data Extraction via CloudWatch Log Scanning

CVE-2024-52312 MEDIUM

data.all 1.0.0-2.6.0 - Authenticated Incorrect Authorization

CVE-2024-10953 MEDIUM

data.all 1.0.0-2.6.0 - Authenticated Incorrect Authorization

CVE-2024-44765 MEDIUM

MGT-COMMERCE GmbH CloudPanel <2.4.2 - Auth Bypass

CVE-2024-10975 HIGH

Nomad 1.3.0-1.7.14, 1.8.0-1.9.1 - Unauthorized Cross-Namespace Volume Creation via CSI Write Permission

CVE-2024-20537 MEDIUM

Cisco Identity Services Engine - Authenticated Authorization Bypass via Crafted HTTP Request

CVE-2024-9902 MEDIUM

ansible-core < 2.14.18rc1 - Unauthenticated Arbitrary File Write via User Module

CVE-2024-48176 CRITICAL

lylme_spage 1.9.5 - Incorrect Access Control via Login Brute Force

CVE-2024-30616 HIGH

Chamilo LMS 1.11.26 - Incorrect Access Control via Profile Endpoint

CVE-2024-45164 HIGH

Akamai Secure Internet Access Enterprise ThreatAvert - Incorrect Permission Assignment in ThreatAvert Policy Page

CVE-2024-49256 MEDIUM

WP Chill Htaccess File Editor <= 1.0.18 - Incorrect Authorization

CVE-2024-49501 MEDIUM

OMRON Corporation SYSMAC-SE2 - Incorrect Authorization

CVE-2024-51426 HIGH

PepeGxng - Unspecified Impact

CVE-2024-51425 HIGH

WaterToken - Info Disclosure

CVE-2024-50419 MEDIUM

Greenshift Animation and Page Builder Blocks <= 9.7 - Incorrect Authorization

CVE-2024-48921 LOW

Kyverno < 1.13.0 - Improper Authorization via PolicyException Namespace Bypass

CVE-2024-44217 CRITICAL

iPadOS < 18.0 - Incorrect Authorization in Password Autofill

CVE-2024-44301 MEDIUM

macOS < 13.7.1, < 14.7.1, < 15.1 - Unauthorized File System Modification

CVE-2024-44289 HIGH

macOS < 13.7.1, < 14.7.1, < 15.1 - Unprotected Sensitive Location Data Exposure via Log Entries

Previous Page 49 of 123 Next

Details

Vulnerabilities 3,070

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy