Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863

CVE-2024-25108 CRITICAL

Pixelfed 0.10.4-0.11.9 - Insufficient Permission Validation

CVE-2024-24774 LOW

Mattermost Jira Plugin - Info Disclosure

CVE-2024-24824 HIGH

Graylog 2.0.0-5.1.10 - Authenticated Remote Code Execution via Cluster Config Endpoint

CVE-2024-20828 LOW

Samsung Internet <24.0 - Info Disclosure

CVE-2024-22208 MEDIUM

phpMyFAQ < 3.2.5 - Unauthenticated Email Spam via FAQ Sharing Functionality

CVE-2024-24573 HIGH

facileManager <4.5.0 - Privilege Escalation

CVE-2024-23653 CRITICAL

BuildKit < 0.12.5 - Incorrect Authorization via Interactive Container API

CVE-2024-22938 HIGH

BossCMS <1.3.0 - Privilege Escalation

CVE-2024-23629 CRITICAL

Motorola MR2600 Firmware - Authentication Bypass via Web Component

CVE-2024-23675 MEDIUM

Splunk Cloud < 9.1.2312.100 and Splunk Enterprise 9.0.0-9.0.8 - Improper Access Control in KV Store REST API

CVE-2024-23329 LOW

changedetection.io 0.39.14-0.45.13 - Unauthenticated Watch History Exposure via API Endpoint

CVE-2024-21736 MEDIUM

SAP S/4HANA Finance for Advanced Payment Management - Incorrect Authorization in Function Import

CVE-2024-21735 HIGH

SAP LT Replication Server S4CORE 103-108 - Incorrect Authorization

CVE-2023-7322 HIGH

Nagios Log Server < 2024 - Incorrect Authorization Granting Full API Access

CVE-2023-50946 MEDIUM

IBM Common Licensing 9.0 - Authenticated Incorrect Authorization

CVE-2023-4617 CRITICAL

Govee Home < 5.9 - Unauthenticated Device Control via HTTP POST Parameter Manipulation

CVE-2023-52944 MEDIUM

Synology Surveillance Station < 9.2.0-9289 - Authenticated Incorrect Authorization in ActionRule WebAPI

CVE-2023-52943 MEDIUM

Synology Surveillance Station < 9.2.0-9289 - Authenticated Incorrect Authorization in Alert.Setting webapi

CVE-2023-21270 HIGH

Android - Local Privilege Escalation via Incorrect Permission Flags

CVE-2023-25189 LOW

BTS - Unauthenticated Information Disclosure via Web Element Manager

CVE-2023-38368 MEDIUM

IBM Security Access Manager Docker <10.0.8 - Info Disclosure

CVE-2023-38389 CRITICAL

Artbees JupiterX Core <3.3.8 - Privilege Escalation

CVE-2023-42124 HIGH

Avast Premium Security - Privilege Escalation via Sandbox Protection Incorrect Authorization

CVE-2023-50363 HIGH

QNAP QTS and QuTS hero - Authenticated Authorization Bypass via Network

CVE-2023-51405 HIGH

Repute Infosystems BookingPress <1.0.74 - Auth Bypass

Previous Page 62 of 124 Next

Details

Vulnerabilities 3,087

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy