Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863

CVE-2024-34650 MEDIUM

Samsung Android - Incorrect Authorization in CocktailbarService

CVE-2024-34642 MEDIUM

Samsung Android One UI Home - Incorrect Authorization

CVE-2024-45588 HIGH

Symphony XTS Web Trading Platform 2.0.0.1_P160 - Authenticated Incorrect Authorization in Preference Module API

CVE-2024-45587 HIGH

Symphony XTS Web Trading Platform 2.0.0.1_P160 - Authenticated Incorrect Authorization in Transaction Module API

CVE-2024-45586 HIGH

Symphony XTS Web/Mobile Trading 2.0.0.1_P160 - Account Takeover via API Parameter Manipulation

CVE-2024-45509 MEDIUM

MISP < 2.4.197 - Improper Access Control in BookmarksController

CVE-2024-38868 HIGH

ManageEngine Endpoint Central < 11.3.2400.15 - Incorrect Authorization during Device Isolation

CVE-2024-41964 HIGH

Kirby < 3.6.6.6 - Incorrect Authorization in Language Management

CVE-2024-43954 MEDIUM

Themeum Droip <= 1.1.1 - Incorrect Authorization

CVE-2024-45043 MEDIUM

OpenTelemetry Collector - Unauthenticated RCE

CVE-2024-45037 MEDIUM

AWS Cloud Development Kit 2.142.0-2.148.0 - Incorrect Authorization via RestApi Construct with CognitoUserPoolAuthorizer

CVE-2024-8011 MEDIUM

Logitech Options+ <1.72 - Code Injection

CVE-2024-38869 HIGH

ManageEngine Endpoint Central < 11.3.2416.04 & < 11.3.2400.25 - Incorrect Authorization

CVE-2024-42773 CRITICAL

Kashipara Hotel Management System <1.0 - Info Disclosure

CVE-2024-3127 MEDIUM

GitLab EE <17.1.6-17.2.4-17.3.1 - Auth Bypass

CVE-2024-7836 MEDIUM

Themify Builder <= 7.6.1 - Authenticated Unauthorized Post Duplication via duplicate_page_ajaxify

CVE-2024-20466 MEDIUM

Cisco Identity Services Engine - Authenticated Sensitive Information Exposure via Web Management Interface

CVE-2024-7604 HIGH

Logsign Unified SecOps Platform - Authentication Bypass via License Expiration Validation

CVE-2024-7711 MEDIUM

GitHub Enterprise Server 3.11.0-3.11.13 - Incorrect Authorization in Public Repository Issue Updates

CVE-2024-6337 MEDIUM

GitHub Enterprise Server <3.14 - Incorrect Authorization

CVE-2024-31842 HIGH

Italtel Embrace 1.6.4 - Info Disclosure

CVE-2024-39690 HIGH

Capsule < 0.7.1 - Incorrect Authorization via Namespace Patch

CVE-2024-43250 HIGH

Bit Apps Bit Form Pro <2.6.4 - Info Disclosure

CVE-2024-42966 CRITICAL

TOTOLINK N350RT V9.3.5u.6139_B20201216 - Info Disclosure

CVE-2024-7624 HIGH

Zephyr Project Manager <= 3.3.101 - Authenticated Privilege Escalation via update_user_access()

Previous Page 55 of 124 Next

Details

Vulnerabilities 3,087

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy