Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,041 vulnerabilities with CWE-863

CVE-2026-6341 MEDIUM

Mattermost Plugins - Incorrect Authorization via Direct API Requests

CVE-2026-4273 LOW

Insufficient token rotation validation in remote cluster invite confirmation

CVE-2026-28759 MEDIUM

Mattermost Shared Channel Sync - Unauthorized Member Removal

CVE-2026-45316 LOW

Open WebUI: Read-Only Users Can Toggle Note Pin Status via Incorrect Permission Check (Write via Read-Only Access)

CVE-2026-44567 HIGH

Open WebUI: Open WebUI Improper Authorization Control

CVE-2026-45672 HIGH

Open WebUI: Jupyter code execution works despite `ENABLE_CODE_EXECUTION=false` — feature gate bypassed

CVE-2026-45339 MEDIUM

Open WebUI: API key endpoint restrictions bypassed via `x-api-key` header — full message processing on restricted endpoints

CVE-2026-44564 MEDIUM

Open WebUI: Read-Only Users Can Modify Collaborative Documents via Socket.IO

CVE-2026-44561 MEDIUM

Open WebUI: Deactivated Channel Members Retain Full Access to Group/DM Channels

CVE-2026-44557 MEDIUM

Open WebUI: Global Knowledge Base Enumeration via knowledge-bases Meta-Collection

CVE-2026-46366 HIGH

phpMyFAQ - Unauthenticated Information Disclosure via getIdFromSolutionId Permission Bypass

CVE-2026-46362 MEDIUM

phpMyFAQ - Authorization Bypass in Admin Pages via Non-Terminating Permission Check

CVE-2026-45009 MEDIUM

phpMyFAQ - Insufficient Authorization Check in Admin API Endpoints

CVE-2026-45148 MEDIUM

SiYuan: Broken access control in SiYuan publish-mode Readers can enumerate metadata

CVE-2026-44633 HIGH

Live Helper Chat: REST API chat update accepts arbitrary chat fields across department boundaries

CVE-2026-44283 NONE

etcd: Read access via PrevKv in etcd transactions may bypass RBAC authorization checks

CVE-2026-42572 MEDIUM

Hatchet: Cross-tenant information disclosure in `listTasksByDAGIds`

CVE-2026-41888 MEDIUM

Distribution: Tag deletion bypasses `storage.delete.enabled` configuration

CVE-2026-44374 MEDIUM

Backstage: Catalog unprocessed read endpoints allow authenticated cross-owner data access without permission checks

CVE-2026-32991 HIGH

cPanel 11.110.0.0-11.136.0.9 - Incorrect Authorization

CVE-2026-44380 HIGH

MISP: Improper access control in auth key reset allows privilege escalation to site administrator

CVE-2026-42032 CRITICAL

CKAN: Unauthenticated Authorization Bypass in `datastore_search_sql`

CVE-2026-43999 CRITICAL

vm2: NodeVM builtin allowlist bypass via `module` builtin's `Module._load` allows sandbox escape

CVE-2026-44573 HIGH

Next.js: Middleware / Proxy bypass in Pages Router applications using i18n

CVE-2026-41050 CRITICAL

Helm impersonation bypass of `RESTClientGetter` retains `cluster-admin` during template rendering

Previous Page 6 of 122 Next

Details

Vulnerabilities 3,041

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy