Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,088 vulnerabilities with CWE-863

CVE-2023-3899 HIGH

subscription-manager - Privilege Escalation

CVE-2023-38035 CRITICAL KEV

Ivanti Sentry MICSLogService Auth Bypass resulting in RCE (CVE-2023-38035)

CVE-2023-40315 MEDIUM

OpenNMS Horizon Authenticated RCE

CVE-2023-40168 HIGH

TurboWarp Desktop < 1.8.0 - Arbitrary File Read via Malicious Project or Extension

CVE-2023-25647 MEDIUM

ZTE Axon 30/40 Pro/40 Ultra, Nubia Z50 Firmware < 3.0.0b06/1.0.0b16/2.0.0b17/1.0.0b19mr - Privilege Escalation

CVE-2023-33237 HIGH

TN-5900 Series firmware <3.3 - Auth Bypass

CVE-2023-32748 CRITICAL

Mitel MiVoice Connect < 22.24.1500.0 - Unauthenticated Arbitrary Script Execution in Linux DVS Server

CVE-2023-39384 HIGH

Huawei EMUI and HarmonyOS - Incomplete Permission Verification in Input Method Module

CVE-2023-4107 MEDIUM

Mattermost 7.8.0-7.8.7 - Incorrect Authorization in User Permission Validation

CVE-2023-28714 HIGH

Intel PROSet/Wireless <22.220 HF - Privilege Escalation

CVE-2023-39965 MEDIUM

1Panel 1.4.3-<1.5.0 - Authenticated Arbitrary File Read via API Interface

CVE-2023-30705 MEDIUM

Samsung Galaxy Store < 4.5.56.6 - Incorrect Authorization via Intent Sanitization Issue

CVE-2023-33468 CRITICAL

KramerAV VIA Connect/VIA Go <4.0.1.1326 - RCE

CVE-2023-24471 MEDIUM

Nozomi Networks CMC and Guardian < 22.6.2 - Authenticated Information Disclosure via Debug Functionality

CVE-2023-38209 MEDIUM

Adobe Commerce <= 2.4.6-p1, <= 2.4.5-p3, <= 2.4.4-p4 - Incorrect Authorization

CVE-2023-4242 MEDIUM

FULL Customer plugin for WordPress <2.2.4 - Info Disclosure

CVE-2023-37492 MEDIUM

SAP NetWeaver Application Server ABAP - Missing Authorization Checks

CVE-2023-37491 HIGH

SAP Message Server - Incorrect Authorization

CVE-2023-39363 MEDIUM

vyper 0.2.15-0.3.0 - Incorrect Authorization via Named Re-entrancy Lock Allocation

CVE-2023-32783 HIGH

Zoho ManageEngine ADAudit Plus 7.1.1 - Audit Detection Bypass via User Account Name Suffix

CVE-2023-4194 MEDIUM

Linux Kernel < 6.4 - Unauthorized Resource Access via TUN/TAP Socket UID Initialization

CVE-2023-20800 MEDIUM

Linuxfoundation Yocto - Incorrect Authorization

CVE-2023-28468 MEDIUM

Insyde Kernel 5.0-5.5 - Incorrect Authorization in FvbServicesRuntimeDxe SMM Module

CVE-2023-38958 MEDIUM

ZKTeco BioAccess IVS 3.3.1 - Unauthenticated Access Control Bypass via Crafted Web Request

CVE-2023-23476 LOW

IBM Robotic Process Automation 21.0.0-21.0.7.latest - Unauthorized Data Access via Insufficient API Authorization

Previous Page 69 of 124 Next

Details

Vulnerabilities 3,088

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy