Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

2,832 vulnerabilities with CWE-863

CVE-2026-27447 MEDIUM

OpenPrinting CUPS: Authorization bypass via case-insensitive group-member lookup

CVE-2026-33105 CRITICAL

Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability

CVE-2026-32213 CRITICAL

Azure AI Foundry Elevation of Privilege Vulnerability

CVE-2026-32173 HIGH

Azure SRE Agent Information Disclosure Vulnerability

CVE-2026-34376 HIGH

PdfDing: Password-protected share bypass via direct serve endpoint

CVE-2026-34453 HIGH

SiYuan: Broken access control in /api/bookmark/getBookmark allows unauthenticated publish visitors to read password-protected bookmarked content

CVE-2026-34586 MEDIUM

PdfDing: Shared PDF Expiration, Max Views, and Deletion Bypass via Serve/Download Endpoints

CVE-2026-32726 HIGH

SciTokens C++: Sibling-Path Authorization Bypass

CVE-2026-34532 CRITICAL

Parse Server: Cloud function validator bypass via prototype chain traversal

CVE-2026-33579 CRITICAL

OpenClaw < 2026.3.28 - Privilege Escalation via Missing Caller Scope Validation in Device Pair Approval

CVE-2026-33578 MEDIUM

OpenClaw < 2026.3.28 - Sender Policy Allowlist Bypass via Policy Downgrade in Google Chat and Zalouser Extensions

CVE-2026-33577 HIGH

OpenClaw < 2026.3.28 - Insufficient Scope Validation in node.pair.approve

CVE-2026-33576 MEDIUM

OpenClaw < 2026.3.28 - Unauthorized Media Download via Zalo Channel

CVE-2026-34509 MEDIUM

OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration

CVE-2026-34506 MEDIUM

OpenClaw < 2026.3.8 - Sender Allowlist Bypass in Microsoft Teams Plugin via Route Allowlist Configuration

CVE-2026-24029 MEDIUM

DNS over HTTPS ACL bypass

CVE-2026-0562 HIGH

Insecure Direct Object Reference (IDOR) in parisneo/lollms

CVE-2026-32978 HIGH

OpenClaw < 2026.3.11 - Approval Bypass via Unrecognized Script Runners

CVE-2026-32972 HIGH

OpenClaw < 2026.3.11 - Authorization Bypass in Browser Profile Management via browser.request

CVE-2026-32924 CRITICAL

OpenClaw < 2026.3.12 - Authorization Bypass via Misclassified Reaction Events in Feishu

CVE-2026-32923 MEDIUM

OpenClaw < 2026.3.11 - Authorization Bypass in Discord Guild Reaction Allowlist Enforcement

CVE-2026-32919 MEDIUM

OpenClaw < 2026.3.11 - Unauthorized Session Reset via agent Slash Commands

CVE-2026-32918 HIGH

OpenClaw < 2026.3.11 - Session Sandbox Escape via session_status Tool

CVE-2026-32915 HIGH

OpenClaw < 2026.3.11 - Sandbox Boundary Bypass via Subagent Control Surface

CVE-2026-32914 HIGH

OpenClaw < 2026.3.12 - Insufficient Access Control in /config and /debug Endpoints

Previous Page 5 of 114 Next

Details

Vulnerabilities 2,832

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy