Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863

CVE-2023-52111 HIGH

Huawei EMUI and HarmonyOS - Improper Authentication in BootLoader Module

CVE-2023-5356 HIGH

GitLab 8.13-16.5.5, 16.6-16.6.3, 16.7-16.7.1 - Incorrect Authorization via Slack/Mattermost Integration

CVE-2023-4812 HIGH

GitLab EE <16.5.6-16.7.2 - Auth Bypass

CVE-2023-41994 MEDIUM

macOS < 14.0 - Unauthorized Camera Access via Extension Permission Bypass

CVE-2023-46906 MEDIUM

juzaweb/cms < 3.4 - Incorrect Access Control via Timezone Field

CVE-2023-41779 MEDIUM

ZTE ZXCLOUD iRAI < 7.23.32 - Authenticated Denial of Service via Illegal Memory Access

CVE-2023-52077 HIGH

Nexkey <12.23Q4.5 - Privilege Escalation

CVE-2023-5644 HIGH

WP Mail Log < 1.1.3 - Incorrect Authorization via REST API Endpoints

CVE-2023-49949 HIGH

Passwork < 6.2.0 - Authenticated 2FA Bypass via Brute-Force Attack

CVE-2023-51649 LOW

Nautobot 1.5.14-1.6.8 - Incorrect Authorization via Job Button Submission

CVE-2023-51380 LOW

GitHub Enterprise Server <3.7.19-3.11.1 - Auth Bypass

CVE-2023-51379 MEDIUM

GitHub Enterprise Server <3.17.19-3.11.1 - Auth Bypass

CVE-2023-50732 HIGH

XWiki 8.3-14.10.6 - Unauthenticated Velocity Script Execution via Document Tree

CVE-2023-7047 MEDIUM

Devolutions Remote Desktop Manager < 2023.3.31.0 - Incorrect Authorization via Remote Tools Context Menu

CVE-2023-50705 MEDIUM

Efacec UC 500e Firmware - Information Disclosure

CVE-2023-49734 HIGH

Apache Superset < 2.1.2, 3.0.0-3.0.1 - Authenticated Incorrect Authorization via Dashboard Chart Ownership

CVE-2023-6355 MEDIUM

Gallagher Controller 7000 <9.00.231204b - Privilege Escalation

CVE-2023-41314 HIGH

Apache Doris < 2.0.3 - Unauthenticated Arbitrary File Read and Denial of Service via Snapshot and Log File API

CVE-2023-3511 LOW

GitLab EE <16.4.4-16.6.2 - Info Disclosure

CVE-2023-6837 HIGH

WSO2 API Manager 2.5.0-2.5.0.31 - User Impersonation via JIT Provisioning

CVE-2023-45185 HIGH

IBM i Access Client Solutions 1.1.2-1.1.4 and 1.1.4.3-1.1.9.3 - Remote Code Execution via Improper Authority Checks

CVE-2023-50777 MEDIUM

Jenkins PaaSLane Estimate Plugin <= 1.0.4 - Cleartext Storage of Sensitive Information

CVE-2023-47320 HIGH

Silverpeas Core < 6.3.2 - Authenticated Denial of Service via Maintenance Mode Function

CVE-2023-49273 MEDIUM

Umbraco <8.0.0-8.18.10-10.8.1-12.3.4 - Info Disclosure

CVE-2023-48227 MEDIUM

Umbraco CMS 8.0.0-8.18.9 - Incorrect Authorization

Previous Page 64 of 124 Next

Details

Vulnerabilities 3,087

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy