Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,088 vulnerabilities with CWE-863

CVE-2023-2759 HIGH

TapHome core_firmware < 2023.2 - Authenticated Incorrect Authorization via Hidden API

CVE-2023-31704 CRITICAL

Sourcecodester Online Computer and Laptop Store 1.0 - Incorrect Authorization

CVE-2023-3444 MEDIUM

GitLab 15.3-15.11.9, 16.0-16.0.5, 16.1 - Incorrect Authorization in Protected Branch Merge

CVE-2023-2576 MEDIUM

GitLab 13.7-15.11.9, 16.0-16.0.5, 16.1 - Incorrect Authorization in CODEOWNERS Rule Removal

CVE-2023-21256 HIGH

Android - Local Privilege Escalation via SettingsHomepageActivity Logic Error

CVE-2023-21254 HIGH

Android - Incorrect Authorization in OneTimePermissionUserManager

CVE-2023-21245 HIGH

Android - Local Privilege Escalation via KeyguardSecurityContainerController Logic Error

CVE-2023-37579 HIGH

Apache Pulsar < 2.10.4 and 2.11.0 - Authenticated Credential Leak via Function Worker Source/Sink Configuration

CVE-2023-35908 MEDIUM

Apache Airflow <2.6.3 - Info Disclosure

CVE-2023-30429 CRITICAL

Apache Pulsar < 2.10.4 and 2.11.0 - Incorrect Authorization via Pulsar Function Worker

CVE-2023-30428 HIGH

Apache Pulsar 2.9.0-2.9.5, 2.10.0-2.10.3, 2.11.0 - Incorrect Authorization via Rest Producer

CVE-2023-36994 CRITICAL

TravianZ <8.3.4-8.3.3 - Code Injection

CVE-2023-34197 MEDIUM

Zoho ManageEngine <14202-14300 - Privilege Escalation

CVE-2023-36829 MEDIUM

Sentry 23.6.0-23.6.2 - Permissive Cross-domain Security Policy via Origin Header

CVE-2023-29381 CRITICAL

Zimbra Collaboration <9.0 - Privilege Escalation

CVE-2023-29656 MEDIUM

Darktrace Threat Visualizer 6.0.0-6.0.14 - Incorrect Authorization

CVE-2023-35939 HIGH

GLPI <10.0.8 - Privilege Escalation

CVE-2023-34107 MEDIUM

GLPI 9.2.0-10.0.7 - Authenticated Incorrect Access Control in KnowbaseItems

CVE-2023-34106 MEDIUM

GLPI <10.0.8 - Privilege Escalation

CVE-2023-26258 CRITICAL

Arcserve UDP <9.0.6034 - Auth Bypass

CVE-2023-31997 CRITICAL

UniFi OS 3.1 - Incorrect Authorization in MongoDB Access Control

CVE-2023-3485 LOW

Temporal Server < 1.20.0 - Namespace Access Control Bypass via Crafted Task Token

CVE-2023-37300 MEDIUM

MediaWiki < 1.39.3 - Incorrect Authorization in CheckUserLog API

CVE-2023-33190 CRITICAL

Sealos <4.2.1-rc4 - Privilege Escalation

CVE-2023-30955 MEDIUM

Foundry workspace-server <7.7.0 - Auth Bypass

Previous Page 71 of 124 Next

Details

Vulnerabilities 3,088

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy