Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,098 vulnerabilities with CWE-863

CVE-2023-23924 CRITICAL

dompdf < 2.0.2 - Arbitrary Object Unserialize via SVG Image Tag Bypass

CVE-2023-22610 CRITICAL

EcoStruxure Geo SCADA Expert 2019 - Denial of Service via Database Server TCP Port

CVE-2023-24829 HIGH

Apache IoTDB 0.13.0-0.13.2 - Incorrect Authorization in iotdb-web-workbench

CVE-2023-22500 HIGH

GLPI 10.0.0-10.0.5 - Unauthenticated Inventory File Access via FAQ

CVE-2023-22482 CRITICAL

Argo CD 1.8.2-2.3.12, 2.4.0-2.4.18, 2.5.0-2.5.5 - Incorrect Authorization via OIDC Audience Claim

CVE-2023-21719 MEDIUM

Microsoft Edge Chromium < 109.0.1518.70 - Security Feature Bypass

CVE-2023-20018 HIGH

Cisco IP Phone <7800-8800 - Auth Bypass

CVE-2023-0298 MEDIUM

firefly-iii <5.8.0 - Info Disclosure

CVE-2023-22480 HIGH

KubeOperator < 3.16.4 - Improper Authorization

CVE-2023-0091 LOW

Keycloak - Incorrect Authorization in Client Credential Flow

CVE-2023-22945 MEDIUM

MediaWiki GrowthExperiments < 1.39.0 - Incorrect Authorization in Mentor List Management

CVE-2023-21560 MEDIUM

Windows Boot Manager - Privilege Escalation

CVE-2023-0133 MEDIUM

Google Chrome <109.0.5414.74 - Auth Bypass

CVE-2022-31671 HIGH

Harbor 2.0.0-2.4.2 and 1.0.0-1.10.12 - Authenticated Improper Authorization via P2P Preheat Execution Logs

CVE-2022-31670 HIGH

Harbor 1.0.0-1.10.12 - Authenticated Tag Retention Policy Modification via Permission Bypass

CVE-2022-31669 MEDIUM

Harbor 2.0.0-2.4.2 and 1.0.0-1.10.12 - Authenticated Improper Authorization in Tag Immutability Policy Update

CVE-2022-31668 HIGH

Harbor 2.0.0-2.4.2 - Authenticated Improper Authorization in P2P Preheat Policy Update

CVE-2022-31667 MEDIUM

Harbor 1.0.0-1.10.12 and 2.0.0-2.4.2 - Authenticated Improper Authorization via Robot Account Update

CVE-2022-30358 HIGH

OvalEdge < 5.2.8 - Authenticated Account Takeover via Password Update Endpoint

CVE-2022-30356 MEDIUM

OvalEdge < 5.2.8 - Authenticated Privilege Escalation via User Role Assignment

CVE-2022-45168 MEDIUM

LIVEBOX Collaboration vDesk < 018 - Two-Factor Authentication Bypass via Backup Code Endpoint

CVE-2022-0775 MEDIUM

WooCommerce <6.2.1 - Privilege Escalation

CVE-2022-39337 HIGH

Hertzbeat < 1.2.1 - Unauthenticated Permission Bypass

CVE-2022-40681 HIGH

FortiClient 6.0.0-6.0.10, 6.2.0-6.2.9, 6.4.0-6.4.9, 7.0.0-7.0.7 - Denial of Service via Named Pipe Request

CVE-2022-3248 MEDIUM

OpenShift API - Privilege Escalation

Previous Page 79 of 124 Next

Details

Vulnerabilities 3,098

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy