Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863

CVE-2024-36265 CRITICAL

Apache Submarine Server Core <0.8.0 - Incorrect Authorization

CVE-2024-2698 HIGH

FreeIPA 4.11.0-4.11.2 - Incorrect Authorization in S4U2Proxy Delegation Check

CVE-2024-0160 MEDIUM

Dell Client Platform Firmware - Unauthenticated BIOS Authorization Bypass via Physical Access

CVE-2024-31402 MEDIUM

Cybozu Garoon 5.0.0-5.15.2 - Authenticated Incorrect Authorization in Shared To-Dos

CVE-2024-31403 MEDIUM

Cybozu Garoon 5.0.0-6.0.0 - Authenticated Incorrect Authorization in Memo Data Handling

CVE-2024-2473 MEDIUM

WPS Hide Login <= 1.9.15.2 - Login Page Disclosure

CVE-2024-27848 HIGH

macOS Sonoma <14.5 - Privilege Escalation

CVE-2024-4146 CRITICAL

lunary < 1.2.26 - Incorrect Authorization in checkProjectAccess Method

CVE-2024-3404 MEDIUM

gaizhenbiao/chuanhuchatgpt < 20240919-4 - Authenticated Incorrect Authorization via History Path Access

CVE-2024-37154 MEDIUM

evmos - Improper Authorization in ClawbackVestingAccount

CVE-2024-3504 MEDIUM

lunary-ai/lunary <1.2.7 - Privilege Escalation

CVE-2024-3033 CRITICAL

AnythingLLM < 1.0.0 - Unauthenticated Destructive VectorDB Actions via /api/v/ Endpoint

CVE-2024-5324 HIGH

WordPress Login/Signup Popup <2.7.2 - Info Disclosure

CVE-2024-23669 MEDIUM

FortiWebManager 6.2.3-6.2.4, 6.3.0, 7.0.0-7.0.4, 7.2.0 - Unauthenticated Remote Code Execution via HTTP Requests or CLI

CVE-2024-31682 CRITICAL

Phone Cleaner: Boost & Clean <2.2.0 - Auth Bypass

CVE-2024-32983 HIGH

Misskey < 2024.5.0 - Activity Spoofing via Improper JSON Normalization

CVE-2024-36963 HIGH

Linux Kernel - Incorrect Authorization in tracefs Remount Permission Handling

CVE-2024-35353 CRITICAL

Dio Physics School Assistant 2.3 - Incorrect Authorization via Users.php ID Parameter

CVE-2024-36377 MEDIUM

JetBrains TeamCity <2024.03.2 - Privilege Escalation

CVE-2024-36376 MEDIUM

JetBrains TeamCity <2024.03.2 - Privilege Escalation

CVE-2024-36365 MEDIUM

JetBrains TeamCity <2022.04.7,2022.10.6,2023.05.6,2023.11.5,2024.03...

CVE-2024-36364 MEDIUM

JetBrains TeamCity <2022.04.7,2022.10.6,2023.05.6,2023.11.5 - Info ...

CVE-2024-36037 MEDIUM

Zoho ManageEngine ADAudit Plus <7260 - Info Disclosure

CVE-2024-36055 MEDIUM

Marvin Test HW.exe < 5.0.5.0 - Unauthenticated Denial of Service via MmMapIoSpace API

CVE-2024-1803 MEDIUM

EmbedPress < 3.9.12 - Authenticated Unauthorized Access via PDF Embed Block

Previous Page 58 of 124 Next

Details

Vulnerabilities 3,087

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy