Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863

CVE-2024-5258 MEDIUM

GitLab 16.10-16.10.5, 16.11-16.11.2, 17.0 - Authenticated Authorization Bypass via Pipeline Naming Convention

CVE-2024-27312 HIGH

Zohocorp ManageEngine PAM360 6600 - Privilege Escalation

CVE-2024-3745 HIGH

MSI Afterburner v4.6.6.16381 Beta 3 - Privilege Escalation

CVE-2024-34434 MEDIUM

WordPress MDTF <1.3.3.2 - Code Injection

CVE-2024-35187 CRITICAL

Stalwart Mail Server <0.8.0 - Privilege Escalation

CVE-2024-31409 MEDIUM

CyberPower PowerPanel < 4.9.0 - Incorrect Authorization via MQTT Wildcard Access

CVE-2024-3722 MEDIUM

Swift Performance Lite <2.3.6.18 - Auth Bypass

CVE-2024-34701 MEDIUM

MediaWiki Extension - Info Disclosure

CVE-2024-31441 HIGH

DataEase < 1.18.19 - Arbitrary File Read via ClickHouse Data Source Connection Parameters

CVE-2024-27798 HIGH

macOS Sonoma <14.5 - Privilege Escalation

CVE-2024-34346 HIGH

Deno < 1.43.1 - Incorrect Authorization via Privileged File Access

CVE-2024-0043 HIGH

Android - Incorrect Authorization in Notification Listener Grant

CVE-2024-28148 MEDIUM

Apache Superset < 3.1.2 - Authenticated Incorrect Authorization via REST API Request

CVE-2024-3957 MEDIUM

Booster for WooCommerce <= 7.1.8 - Unauthenticated Arbitrary Shortcode Execution

CVE-2024-1677 MEDIUM

Print Labels with Barcodes < 3.4.6 - Authenticated Missing Authorization in AJAX Functions

CVE-2024-34146 MEDIUM

Jenkins Git server Plugin <114.v068a_c7cc2574 - Privilege Escalation

CVE-2024-2378 HIGH

Hitachi Energy SDM600 - Incorrect Authorization in Web-Authentication Component

CVE-2024-4006 MEDIUM

GitLab CE/EE <16.9.6/<16.10.4/<16.11.1 - Info Disclosure

CVE-2024-28627 HIGH

Flipsnack <18/03/2024 - Info Disclosure

CVE-2024-32470 MEDIUM

Tolgee 3.57.2-3.57.4 - Incorrect Authorization via Admin API Key

CVE-2024-31452 HIGH

OpenFGA 1.5.0-1.5.3 - Authorization Bypass via Exclusion or Intersection in Check or ListObjects APIs

CVE-2024-27086 LOW

Microsoft.Identity.Client 4.48.0-4.60.0 - Local Denial of Service via Activity Export Misconfiguration

CVE-2024-21120 MEDIUM

Oracle Outside In Technology 8.5.6 and 8.5.7 - Incorrect Authorization

CVE-2024-21083 HIGH

Oracle BI Publisher 7.0.0.0.0 and 12.2.1.4.0 - Authenticated Remote Code Execution via Script Engine

CVE-2024-21010 CRITICAL

Oracle Hospitality Simphony 19.1.0-19.5.4 - Authenticated Remote Code Execution via HTTP

Previous Page 59 of 124 Next

Details

Vulnerabilities 3,087

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy