Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863

CVE-2024-23250 MEDIUM

iPadOS < 17.4 - Unauthorized Bluetooth Microphone Access

CVE-2024-28229 MEDIUM

JetBrains YouTrack < 2024.1.25893 - Incorrect Authorization

CVE-2024-0199 HIGH

GitLab 11.3-16.7.6 16.8.3-16.8.3 - Incorrect Authorization Bypass via Crafted Payload in Old Feature Branch

CVE-2024-27915 MEDIUM

Sulu 2.2.0-2.4.16 and 2.5.0-2.5.12 - Incorrect Authorization in Webspace Security System

CVE-2024-27288 MEDIUM

1Panel < 1.10.1-lts - Unauthenticated Incorrect Authorization

CVE-2024-24761 HIGH

Galette 1.0.0-1.0.1 - Incorrect Authorization

CVE-2024-28174 MEDIUM

JetBrains TeamCity < 2023.11.4 - Incorrect Authorization in S3 Artifact Storage Plugin

CVE-2024-27139 HIGH

Apache Archiva <2.0.0 - Unauthorized Access

CVE-2024-27138 HIGH

Apache Archiva - Incorrect Authorization via User Registration Bypass

CVE-2024-20291 MEDIUM

Cisco NX-OS - Unauthenticated Access Control Bypass via Port Channel Subinterface ACL Programming

CVE-2024-25170 CRITICAL

Mezzanine 6.0.0 - Incorrect Authorization via Host Header Manipulation

CVE-2024-26016 MEDIUM

Apache Superset < 3.0.4, 3.1.0 - Authenticated Dashboard Ownership Takeover via Import

CVE-2024-24779 MEDIUM

Apache Superset <3.0.4, >3.1.0-<3.1.1 - Info Disclosure

CVE-2024-24773 MEDIUM

Apache Superset <3.0.4, >3.1.0-<3.1.1 - SQL Injection

CVE-2024-26145 MEDIUM

Discourse Calendar < 2024-02-21 - Incorrect Authorization via Attendance Update Request

CVE-2024-1156 HIGH

Emerson Data Record AD < 2.0.1 - Authenticated Privilege Escalation via RabbitMQ Configuration

CVE-2024-1155 HIGH

SystemLink Elixir - Privilege Escalation

CVE-2024-25604 MEDIUM

Liferay Portal <7.4.3.4 - Privilege Escalation

CVE-2024-25149 MEDIUM

Liferay Digital Experience Platform 7.2.0-7.4.1 - Authenticated Incorrect Authorization via Child Site Membership

CVE-2024-21987 MEDIUM

SnapCenter <5.0 - Privilege Escalation

CVE-2024-0017 MEDIUM

Android - Local Information Disclosure via CameraActivity Permissions Bypass

CVE-2024-1482 HIGH

GitHub Enterprise Server 3.8.0-3.11.9 - Authenticated Arbitrary GitHub Actions Workflow Execution via Branch Creation

CVE-2024-24966 MEDIUM

F5OS-A and F5OS-C - Incorrect Authorization via LDAP Remote Authentication

CVE-2024-24751 MEDIUM

sf_event_mgt 7.0.0-7.3.9 - Improper Access Control in Backend Module

CVE-2024-23833 HIGH

OpenRefine < 3.7.8 - Path Traversal via JDBC Query

Previous Page 61 of 124 Next

Details

Vulnerabilities 3,087

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy