Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863

CVE-2024-1738 HIGH

lunary < 1.2.4 - Unauthenticated Incorrect Authorization in Evaluations API Endpoint

CVE-2024-31990 MEDIUM

Argo CD <2.10.7-2.8.16 - Privilege Escalation

CVE-2024-1307 MEDIUM

Smart Forms < 2.6.94 - Incorrect Authorization

CVE-2024-27309 HIGH

Apache Kafka 3.5.0-3.6.1 and kafka-metadata 3.5.0-3.6.2 - Incorrect Authorization during ZooKeeper to KRaft Migration

CVE-2024-3388 MEDIUM

Palo Alto Networks PAN-OS - Privilege Escalation

CVE-2024-1741 CRITICAL

lunary < 1.2.8 - Unauthenticated Improper Authorization via Old Authorization Token

CVE-2024-1740 CRITICAL

lunary < 1.2.7 - Incorrect Authorization via Uninvalidated Authorization Token

CVE-2024-30260 LOW

undici < 5.28.4 - Improper Authorization via Uncleared Headers in undici.request()

CVE-2024-29834 MEDIUM

Apache Kafka - Privilege Escalation

CVE-2024-31134 MEDIUM

JetBrains TeamCity < 2024.03 - Authenticated User Registration Bypass

CVE-2024-29892 MEDIUM

ZITADEL <2.48.3 - Command Injection

CVE-2024-23451 MEDIUM

Elasticsearch 8.10.0-8.12.2 - Incorrect Authorization in Remote Cluster Security API Key Model

CVE-2024-2915 HIGH

Dovolations Server <2024.1.6 - Privilege Escalation

CVE-2024-27933 HIGH

Deno 1.39.0 - Permission Prompt Bypass via File Descriptor Manipulation

CVE-2024-27105 HIGH

Frappe <14.66.3-15.16.0 - Privilege Escalation

CVE-2024-28394 CRITICAL

Advanced Plugins reportsstatistics <1.3.20 - RCE

CVE-2024-22412 LOW

ClickHouse <24.0.2.54535 - Auth Bypass

CVE-2024-2557 MEDIUM

kishor-23 Food Waste Management System 1.0 - Improper Authorization in /admin/admin.php

CVE-2024-23823 MEDIUM

vantage6 < 4.2.1 and >=0 < 4.3.0 - Permissive Cross-domain Security Policy

CVE-2024-1479 MEDIUM

WP Show Posts <1.1.4 - Info Disclosure

CVE-2024-1452 MEDIUM

GenerateBlocks <1.8.2 - Info Disclosure

CVE-2024-28098 MEDIUM

Apache Pulsar 2.7.1-2.10.5 2.11.0-2.11.3 3.0.0-3.0.2 3.1.0-3.1.2 3.2.0 - Authenticated Incorrect Authorization

CVE-2024-22133 MEDIUM

SAP Fiori Front End Server - version 605 - Info Disclosure

CVE-2024-23262 LOW

iPadOS < 16.7.6 and 17.4 - Incorrect Authorization

CVE-2024-23255 LOW

iPadOS < 17.4 and macOS 14.0-14.4 - Unauthenticated Hidden Photos Album Access

Previous Page 60 of 124 Next

Details

Vulnerabilities 3,087

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy