Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,041 vulnerabilities with CWE-863

CVE-2026-44832 HIGH

Snipe-IT: Privilege Escalation via API Permissions Assignment

CVE-2026-3660 CRITICAL

IBM Engineering Lifecycle Management - Jazz Foundation is vulnerable to Authentication Bypass

CVE-2026-44314 MEDIUM

Traccar: Missing edit authorization on device image upload allows read-only users to write files

CVE-2026-8046 HIGH

Incorrect Authorization in CODESYS Control

CVE-2026-9350 HIGH

NousResearch hermes-agent Batch Runner approval.py check_all_command_guards authorization

CVE-2026-6406 HIGH

Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag

CVE-2026-40166 HIGH

authentik: Non-admin user can retrieve confidential OAuth client_secret via /api/v3/oauth2/access_tokens/

CVE-2026-39966 MEDIUM

TypeBot: Async filter() bypasses authorization, allowing IDOR in getLinkedTypebots and leaking cross-workspace bot definitions

CVE-2026-28735 MEDIUM

Mattermost - GitHub OAuth Scope Validation

CVE-2026-46595 CRITICAL

Invoking VerifiedPublicKeyCallback permissions skip enforcement in golang.org/x/crypto/ssh

CVE-2026-8350 HIGH

Concrete Cms < 9.5.0 - Privilege Escalation

CVE-2026-47102 HIGH

LiteLLM < 1.83.10 Privilege Escalation via User Update

CVE-2026-47101 HIGH

LiteLLM < 1.83.14 Privilege Escalation via API Key Generation

CVE-2026-4055 MEDIUM

Insufficient permission validation on cross-team playbook run creation

CVE-2026-20238 MEDIUM

Improper Access Control through Role Inheritance in Splunk AI Toolkit app

CVE-2026-34600 MEDIUM

Joplin Server delta API returns note content after share access is revoked

CVE-2026-34579 MEDIUM

MantisBT <2.28.2 Private Issue Monitoring - Authorization Bypass

CVE-2026-42526 MEDIUM

Apache Airflow Amazon provider: Prevent unauthorized access to team-scoped secrets in AWS Secrets Manager and SSM Parameter Store backends

CVE-2026-41470 MEDIUM

LIVE555 < 2026.04.22 RTSP Server Authorization Bypass via Session Token

CVE-2026-42096 HIGH

Broken Access Control in Sparx Pro Cloud Server

CVE-2026-21789 MEDIUM

HCL Connections is vulnerable to broken access control

CVE-2026-6343 MEDIUM

Mattermost Playbooks Plugin - Public Playbook Unauthorized Access

CVE-2026-4286 LOW

Mattermost Playbooks Plugin - Unauthorized Team Transfer

CVE-2026-28732 MEDIUM

Mattermost 10.11.0-10.11.13 11.4.0-11.4.3 11.5.0-11.5.1 - Slash Command Hijacking via Trigger-Word Bypass

CVE-2026-6342 MEDIUM

Mattermost Plugins - Incorrect Authorization via Namespace Prefix Bypass

Previous Page 5 of 122 Next

Details

Vulnerabilities 3,041

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy