Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863

CVE-2024-43131 HIGH

WPWeb Docket <1.7.0 - Info Disclosure

CVE-2024-41941 MEDIUM

SINEC NMS < 3.0 - Authenticated Authorization Bypass

CVE-2024-41939 HIGH

SINEC NMS < 3.0 - Authenticated Privilege Escalation via Improper Authorization

CVE-2024-42473 HIGH

OpenFGA 1.5.7-1.5.8 - Authorization Bypass via Check API with 'but not' and 'from' Expressions

CVE-2024-7266 MEDIUM

Naukowa i Akademicka Sie Komputerowa EZD RP 15-15.83 16-16.14 17-17.1 - Authenticated Incorrect User Management

CVE-2024-7265 HIGH

Naukowa i Akademicka Sie Komputerowa EZD RP 15-15.83, 16-16.14, 17-17.1 - Privilege Escalation via Password Change

CVE-2024-42062 HIGH

Apache CloudStack 4.10.0-4.19.1.0 - Authenticated Privilege Escalation via API Key Query

CVE-2024-7004 MEDIUM

Google Chrome < 127.0.6533.72 - Discretionary Access Control Bypass via Safe Browsing Input Validation

CVE-2024-6358 MEDIUM

OpenText ArcSight Intelligence - Auth Bypass

CVE-2024-6202 CRITICAL

HaloITSM < 2.143.61 - Unauthenticated SAML XML Signature Wrapping

CVE-2024-6782 CRITICAL

Calibre 6.9.0-7.14.0 - Unauthenticated RCE

CVE-2024-40530 HIGH

Pantera CRM 401.152 and 402.072 - Unauthenticated Authorization Bypass via X-Forwarded-For Header

CVE-2024-38856 CRITICAL KEV

Apache OFBiz forgotPassword/ProgramExport RCE

CVE-2024-38884 HIGH

Caterease 16.0.1.1663-24.0.1.2405 - Authentication Bypass via Improper Security Checks

CVE-2024-6695 CRITICAL

Cozmoslabs Profile Builder <= 3.11.9 - Privilege Escalation

CVE-2024-41670 HIGH

PrestaShop <6.4.2, <3.18.1 - Info Disclosure

CVE-2024-7062 HIGH

Nimble Commander < 1.6.1 - Privilege Escalation via Files.PrivilegedIOHelperV2

CVE-2024-4447 CRITICAL

dotCMS core 4.2.1-23.01.20 - Authenticated Information Disclosure and Privilege Escalation via DWR Endpoints

CVE-2024-4811 LOW

Octopus Server 2023.1.4189-2023.4.8608 - Incorrect Authorization

CVE-2024-36536 CRITICAL

Fabedge v0.8.1 - Privilege Escalation

CVE-2024-41110 CRITICAL

Docker 19.03.0-27.1.0 - Authorization Bypass via API Request Body Omission

CVE-2024-31970 HIGH

AdTran SRG 834-5 HDC17600021F1 - Privilege Escalation

CVE-2024-21149 HIGH

Oracle Enterprise Asset Management 12.2.11-12.2.13 - Incorrect Authorization in Work Definition Issues

CVE-2024-5817 MEDIUM

GitHub Enterprise Server < 3.14 - Incorrect Authorization via GitHub Projects

CVE-2024-5816 MEDIUM

GitHub Enterprise Server < 3.14 - Incorrect Authorization via Scoped User Access Token

Previous Page 56 of 124 Next

Details

Vulnerabilities 3,087

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy