Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,087 vulnerabilities with CWE-863

CVE-2023-6542 HIGH

SAP Emarsys SDK for Android - Unauthenticated Arbitrary URL Navigation via Activity Invocation

CVE-2023-36646 HIGH

ProLion CryptoSpike 3.0.15P2 - Privilege Escalation

CVE-2023-50457 MEDIUM

Zammad < 6.2.0 - Incorrect Authorization in Knowledge Base Ticket Linking

CVE-2023-48859 HIGH

TOTOLINK A3002RU <2.0.0-B20190902.1958 - Authenticated RCE

CVE-2023-49246 HIGH

Card Management Module - Info Disclosure

CVE-2023-49240 HIGH

Huawei EMUI and HarmonyOS - Unauthorized Access in Launcher Module

CVE-2023-49239 HIGH

Card Management Module - Info Disclosure

CVE-2023-42575 MEDIUM

Samsung Pass < 4.3.00.17 - Improper Authentication via Invalid Flag Setting

CVE-2023-42569 MEDIUM

Samsung Android 11.0-12.0 - Unauthorized Sandbox Data Access in AR Emoji

CVE-2023-33071 HIGH

Qualcomm QCA6574 and Related Firmware - Memory Corruption via Untrusted App Access to HAb

CVE-2023-24052 CRITICAL

Connectize AC21000 G6 Firmware 641.139.1.1256 - Incorrect Authorization via Password Change Functionality

CVE-2023-24051 CRITICAL

Connectize AC21000 G6 - Privilege Escalation

CVE-2023-24047 MEDIUM

Connectize AC21000 G6 <641.139.1 - Privilege Escalation

CVE-2023-49947 HIGH

Forgejo < 1.20.5-1 - Two-Factor Authentication Bypass via Docker Login Basic Authentication

CVE-2023-42006 HIGH

IBM Administration Runtime Expert for i 7.2-7.5 - Incorrect Authorization

CVE-2023-5995 MEDIUM

GitLab 16.2.0-16.4.2, 16.5.0-16.5.2, 16.6.0 - Incorrect Authorization via Policy Bot Abuse

CVE-2023-4658 LOW

GitLab 8.13-16.4.2, 16.5-16.5.2, 16.6 - Incorrect Authorization via Allowed to Merge Permission

CVE-2023-4317 MEDIUM

GitLab <16.4.3-16.6.1 - Info Disclosure

CVE-2023-3964 MEDIUM

GitLab 13.2-16.4.2, 16.5-16.5.2, 16.6 - Incorrect Authorization in Package Registry

CVE-2023-3443 LOW

GitLab 12.1-16.4.2 16.5-16.5.2 16.6 - Incorrect Authorization for Emoji Addition on Confidential Work Items

CVE-2023-47827 MEDIUM

Events Addon for Elementor <= 2.1.3 - Incorrect Authorization

CVE-2023-40610 MEDIUM

Apache Superset <2.1.2 - Privilege Escalation

CVE-2023-48712 HIGH

warpgate < 0.8.1 - Privilege Escalation via Single-Factor Authentication Impersonation

CVE-2023-5553 HIGH

AXIS OS 10.8-11.7.56 and AXIS OS 2022 < 10.12.213 - Incorrect Authorization

CVE-2023-5799 MEDIUM

WP Hotel Booking < 2.0.8 - Incorrect Authorization in Package Deletion

Previous Page 65 of 124 Next

Details

Vulnerabilities 3,087

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy