Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

2,832 vulnerabilities with CWE-863

CVE-2026-4363 LOW

Incorrect Authorization in GitLab

CVE-2026-28864 LOW

Apple Ios And Ipados < 18.7.7 - Denial of Service

CVE-2026-33330 HIGH

FileRise ONLYOFFICE integration allows read-only users to overwrite files via forged save callback

CVE-2026-33326 MEDIUM

@keystone-6/core: `isFilterable` bypass via `cursor` parameter in findMany

CVE-2026-33527 MEDIUM

Parse Server: Session update endpoint allows overwriting server-generated session fields

CVE-2026-33421 MEDIUM

Parse Server: LiveQuery bypasses CLP pointer permission enforcement

CVE-2026-33676 MEDIUM

Vikunja has Cross-Project Information Disclosure via Task Relations — Missing Authorization Check on Related Task Read

CVE-2026-33668 HIGH

Vikunja Allows Disabled/Locked User Accounts to Authenticate via API Tokens, CalDAV, and OpenID Connect

CVE-2026-33316 HIGH

Vikunja’s Improper Access Control Enables Bypass of Administrator-Imposed Account Disablement

CVE-2026-28755 MEDIUM

NGINX ngx_stream_ssl_module vulnerability

CVE-2026-32642 MEDIUM

Apache Artemis, Apache ActiveMQ Artemis: Temporary address auto-created for OpenWire consumer without createAddress permission

CVE-2026-4639 HIGH

Galaxy Software Services｜Vitals ESP - Incorrect Authorization

CVE-2026-27646 MEDIUM

OpenClaw <2026.3.7 - Sandbox Escape

CVE-2026-27183 MEDIUM

OpenClaw < 2026.3.7 - Shell Approval Gating Bypass via Dispatch Wrapper Depth Mismatch

CVE-2026-33650 HIGH

AVideo's Video Moderator Privilege Escalation via Ownership Transfer Enables Arbitrary Video Deletion

CVE-2026-32899 MEDIUM

OpenClaw < 2026.2.25 - Sender Policy Bypass in Slack Reaction and Pin Event Handlers

CVE-2026-32895 MEDIUM

OpenClaw < 2026.2.26 - Sender Authorization Bypass in Slack System Event Handlers

CVE-2026-32067 LOW

OpenClaw < 2026.2.26 - Cross-Account Authorization Bypass in DM Pairing Store

CVE-2026-32058 LOW

OpenClaw < 2026.2.26 - Approval Context-Binding Weakness in system.run via host=node

CVE-2026-32051 HIGH

OpenClaw < 2026.3.1 - Authorization Bypass in Agent Runs via Owner-Only Tool Access

CVE-2026-32050 LOW

OpenClaw < 2026.2.25 - Unauthorized Reaction Status Event Enqueue via Access Check Bypass

CVE-2026-32042 HIGH

OpenClaw < 2026.2.25 - Privilege Escalation via Unpaired Device Identity in Shared Gateway Authentication

CVE-2026-33428 MEDIUM

Discourse Allows Unauthorized Access to Deleted Posts Index via Group Membership

CVE-2026-33424 MEDIUM

PM access granted through invites after access revocation

CVE-2026-33291 MEDIUM

Discourse user can create Zendesk tickets even when it does not have access to topic

Previous Page 7 of 114 Next

Details

Vulnerabilities 2,832

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy