Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

2,832 vulnerabilities with CWE-863

CVE-2026-33884 MEDIUM

Statamic's live preview token bypasses content protection for unrelated entries

CVE-2026-33869 MEDIUM

Mastodon has a denial of service for quote authorization

CVE-2026-34364 MEDIUM

AVideo has User Group-Based Category Access Control Bypass via Missing and Broken Group Filtering in categories.json.php

CVE-2026-33726 MEDIUM

Cilium L7 proxy may bypass Kubernetes NetworkPolicy for same-node traffic

CVE-2026-4933 HIGH

Unpublished Node Permissions - Critical - Access bypass - SA-CONTRIB-2026-029

CVE-2026-3573 HIGH

AI (Artificial Intelligence) - Moderately critical - Information Disclosure - SA-CONTRIB-2026-028

CVE-2026-3526 MEDIUM

File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-021

CVE-2026-3525 MEDIUM

File Access Fix (deprecated) - Moderately critical - Access bypass - SA-CONTRIB-2026-020

CVE-2026-33477 MEDIUM

FileRise has incorrect authorization in /api/file/snippet.php allows read_own users to read other users’ file content

CVE-2026-3115 MEDIUM

Guest users can view group member IDs without respecting view restrictions

CVE-2026-33470 MEDIUM

Frigate has cross-camera snapshot disclosure via unrestricted timeline IDs and missing authorization in /api/events/{event_id}/snapshot-clean.webp

CVE-2026-33469 MEDIUM

Authenticated Frigate users can read the full unredacted configuration via `/api/config/raw

CVE-2026-33015 MEDIUM

EVerest has RemoteStop Bypass via BCB Toggle Session Restart

CVE-2026-33014 MEDIUM

EVerest has Delayed Authorization Response Bypasses Termination After RemoteStop

CVE-2026-29044 MEDIUM

EVerest: Charging Continues When WithdrawAuthorization Is Processed Before TransactionStarted

CVE-2026-33343 NONE

etcd: Nested etcd transactions bypass RBAC authorization checks

CVE-2026-4274 MEDIUM

Insufficient authorization in shared channel membership sync grants team-level access instead of channel-level access

CVE-2026-4263 MEDIUM

Incorrect authorization in HiJiffy Chatbot

CVE-2026-4262 MEDIUM

Incorrect authorization in HiJiffy Chatbot

CVE-2026-33249 MEDIUM

NATS: Message tracing can be redirected to arbitrary subject

CVE-2026-33217 HIGH

NATS allows MQTT clients to bypass ACL checks

CVE-2026-33722 MEDIUM

n8n Has External Secrets Authorization Bypass in Credential Saving

CVE-2026-33720 MEDIUM

n8n Has Authorization Bypass in OAuth Callback via N8N_SKIP_AUTH_ON_OAUTH_CALLBACK

CVE-2026-2726 MEDIUM

Incorrect Authorization in GitLab

CVE-2026-3210 MEDIUM

Material Icons - Moderately critical - Access bypass - SA-CONTRIB-2026-011

Previous Page 6 of 114 Next

Details

Vulnerabilities 2,832

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy