Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863

CVE-2024-39905 MEDIUM

Red-DiscordBot 3.5.0-3.5.9 - Incorrect Authorization via @commands.can_manage_channel()

CVE-2024-6150 MEDIUM

Citrix Provisioning - Unauthenticated Denial of Service via Target VM Availability Disruption

CVE-2024-39871 MEDIUM

SINEMA Remote Connect Server < 3.2 SP1 - Authenticated Privilege Escalation via Device Settings Misconfiguration

CVE-2024-39696 HIGH

evmos < 19.0.0 - Incorrect Authorization via Vesting Account Funder Address

CVE-2024-2231 MEDIUM

2code Himer <= 2.1.1 - Missing Authorization Check

CVE-2024-39324 LOW

ai-admin-graphql 2022.04.1-2022.10.9 - Insufficient Access Control via GraphQL API

CVE-2024-39322 MEDIUM

Aimeos ai-admin-jsonadm < 2020.10.13, 2021.10.6, 2022.10.3, 2023.10.4, 2024.4.2 - Incorrect Authorization

CVE-2024-39323 HIGH

ai-admin-graphql 2022.04.1-2022.10.9, 2023.04.1-2023.10.5, 2024.04.1-2024.04.5 - Improper Access Control

CVE-2024-37905 HIGH

authentik < 2024.2.4 - Improper Access Control via API-Access-Token Mechanism

CVE-2024-39352 MEDIUM

Synology BC500 and TC500 Firmware < 1.0.7-0298 - Authenticated Firmware Integrity Check Bypass

CVE-2024-6086 MEDIUM

lunary 1.2.7 - Incorrect Authorization in Organization Name Change

CVE-2024-5714 MEDIUM

lunary 1.2.4 - Incorrect Authorization via Project ID Manipulation

CVE-2024-3331 MEDIUM

Spotfire Enterprise Runtime for R - Server Edition 1.12.7-1.20.0 - Incorrect Authorization

CVE-2024-6323 HIGH

GitLab EE <16.11.5, <17.0.3, <17.1.1 - Info Disclosure

CVE-2024-4011 LOW

GitLab CE/EE <16.11.5-17.1.1 - Info Disclosure

CVE-2024-5071 MEDIUM

Bookster < 1.1.0 - Incorrect Authorization via Appointment Status Manipulation

CVE-2024-38369 CRITICAL

XWiki Platform - Privilege Escalation

CVE-2024-1639 MEDIUM

License Manager for WooCommerce <= 3.0.6 - Authenticated Arbitrary License Key Exposure via Missing Capability Check

CVE-2024-4390 MEDIUM

Depicter < 3.0.2 - Authenticated Arbitrary Nonce Generation

CVE-2024-38329 HIGH

IBM Storage Protect for Virtual Environments - Auth Bypass

CVE-2024-5860 MEDIUM

Tickera < 3.5.2.9 - Authenticated Unauthorized Data Deletion via tc_dl_delete_tickets AJAX Action

CVE-2024-34130 MEDIUM

Acrobat Mobile Sign <24.4.2.33155 - Auth Bypass

CVE-2024-34106 MEDIUM

Adobe Commerce <2.4.7 - Auth Bypass

CVE-2024-2098 HIGH

Download Manager <= 3.2.89 - Unauthenticated Password-Protected File Download via protectMediaLibrary Function

CVE-2024-37300 HIGH

oauthenticator < 16.3.1 - Incorrect Authorization via GlobusOAuthenticator Configuration

Previous Page 57 of 124 Next

Details

Vulnerabilities 3,087

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy