Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,088 vulnerabilities with CWE-863

CVE-2023-5799 MEDIUM

WP Hotel Booking < 2.0.8 - Incorrect Authorization in Package Deletion

CVE-2023-5509 MEDIUM

myStickymenu < 2.6.5 - Authenticated Incorrect Authorization via AJAX Calls

CVE-2023-48309 MEDIUM

next-auth < 4.24.5 - Improper Authorization via Middleware JWT Manipulation

CVE-2023-48218 MEDIUM

Strapi Protected Populate Plugin < 1.3.4 - Incorrect Authorization Bypass

CVE-2023-3379 MEDIUM

WAGO Compact Controller 100 Firmware <25 - Authenticated Privilege Escalation via Password Change

CVE-2023-45626 MEDIUM

ArubaOS 10.3.0.0-10.4.0.3 and InstantOS 6.4.0.0-8.6.0.23 - Authenticated Persistent Arbitrary Code Execution

CVE-2023-31403 CRITICAL

SAP Business One <10.0 - Auth Bypass

CVE-2023-47037 MEDIUM

Apache Airflow < 2.7.3 - Authenticated DAG Run Detail Modification via Notes Submission

CVE-2023-4379 HIGH

GitLab EE <16.2.8-16.4.1 - Info Disclosure

CVE-2023-46244 CRITICAL

XWiki 3.3-14.10.6 - Incorrect Authorization via Velocity Script Execution

CVE-2023-42553 MEDIUM

Samsung Email < 6.1.90.4 - Incorrect Authorization

CVE-2023-42541 MEDIUM

Samsung Push Service < 3.4.10 - Improper Authorization in PushClientProvider

CVE-2023-5352 MEDIUM

Awesome Support < 6.1.5 - Unauthorized Post Editing via wpas_edit_reply Function

CVE-2023-20048 CRITICAL

Cisco Firepower Management Center - Privilege Escalation

CVE-2023-46992 HIGH

TOTOLINK A3300R V17.0.0cu.557_B20221024 - Privilege Escalation

CVE-2023-22518 CRITICAL KEV

Atlassian Confluence Unauth JSON setup-restore Improper Authorization leading to RCE (CVE-2023-22518)

CVE-2023-45899 HIGH

idnovate superuser <v2.4.2 - Auth Bypass

CVE-2023-46139 MEDIUM

KernelSU <0.7.0 - Privilege Escalation

CVE-2023-21390 HIGH

Android < 14.0 - Local Privilege Escalation via SIM Permission Bypass

CVE-2023-47090 MEDIUM

NATS nats-server 2.2.0-2.9.22 and 2.10.0-2.10.1 - Unauthenticated Authentication Bypass via Implicit $G User

CVE-2023-21311 MEDIUM

Android < 14.0 - Unauthenticated Private DNS Settings Bypass

CVE-2023-40117 HIGH

Android - Local Privilege Escalation via Lockscreen Bypass in SettingsProvider

CVE-2023-46754 MEDIUM

obl.ong/admin < 1.1.2 - Unauthenticated Authorization Bypass via Email OTP Feature

CVE-2023-46753 MEDIUM

FRRouting < 9.0.1 - Denial of Service via Crafted BGP UPDATE Message

CVE-2023-41077 MEDIUM

macOS 13.0-13.6.1 - Unprotected User Data Exposure via Incorrect Authorization

Previous Page 66 of 124 Next

Details

Vulnerabilities 3,088

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy