Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,041 vulnerabilities with CWE-863

CVE-2026-2725 MEDIUM

Improper Authorization in Gerrit allowing Code Review Bypass via "Submitted Together"

CVE-2026-45226 HIGH

Heym < 0.0.21 Authorization Bypass in Workflow Execution

CVE-2026-44260 HIGH

efw4.X: readonly Flag Not Enforced Server-Side

CVE-2026-43948 CRITICAL

wger: cross-tenant password reset and plaintext disclosure via gym=None bypass

CVE-2026-35555 MEDIUM

Subnet Solutions PowerSYSTEM Center Incorrect Authorization

CVE-2026-33570 MEDIUM

Subnet Solutions PowerSYSTEM Center Incorrect Authorization

CVE-2026-26289 HIGH

Subnet Solutions PowerSYSTEM Center Incorrect Authorization

CVE-2026-44221 CRITICAL

ArcadeDB: Cross-database authorization bypass and unsecured newly-created databases

CVE-2026-42889 CRITICAL

Relay Server WebSocket authentication bypass when token is omitted

CVE-2026-34646 HIGH

Adobe Commerce | Incorrect Authorization (CWE-863)

CVE-2026-34645 HIGH

Adobe Commerce | Incorrect Authorization (CWE-863)

CVE-2026-34660 CRITICAL

Adobe Connect | Incorrect Authorization (CWE-863)

CVE-2026-2465 HIGH

Improper Authorization in E-Kalite's Turboard FOR-S

CVE-2026-43913 HIGH

Vaultwarden: Unconfirmed Owner Can Purge Entire Organization Vault

CVE-2026-43889 MEDIUM

Outline: Unauthorized Document Publication via Mixed collectionId+documentId Share

CVE-2026-28951 HIGH

iOS and iPadOS < 18.7.9 and < 26.5, macOS < 14.8.7, < 15.7.7, and < 26.5 - Authorization Bypass to Root Privileges

CVE-2026-28873 HIGH

iOS and iPadOS < 18.7.9 and < 26.4 - Incorrect Authorization

CVE-2026-42884 MEDIUM

Audiobookshelf: Collection endpoints bypass library access controls exposing restricted library data

CVE-2026-42883 MEDIUM

Audiobookshelf: Cross-library file exfiltration via unscoped bulk download endpoint

CVE-2026-42882 CRITICAL

oxyno-zeta/s3-proxy: Security Issues in Resource Path Matching

CVE-2026-45002 MEDIUM

OpenClaw < 2026.4.20 - Hook Session-Key Bypass via Template Mapping

CVE-2026-44998 MEDIUM

OpenClaw < 2026.4.20 - Tool Policy Bypass via Bundled MCP/LSP Tools

CVE-2026-44991 MEDIUM

OpenClaw < 2026.4.21 - Authorization Bypass in Owner-Enforced Commands via Wildcard Channel Senders

CVE-2026-42313 HIGH

pyload-ng: non-admin SETTINGS users can redirect all outbound traffic through an attacker-controlled proxy

CVE-2026-42312 MEDIUM

pyload-ng: non-admin SETTINGS users can disable outbound TLS peer verification

Previous Page 7 of 122 Next

Details

Vulnerabilities 3,041

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy