Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,041 vulnerabilities with CWE-863

CVE-2026-42843 HIGH

grav-plugin-api: Grav API Privilege Escalation to Super Admin

CVE-2026-42349 HIGH

Clerk: Authorization bypass when combining organization, billing, or reverification checks

CVE-2026-42610 MEDIUM

Grav: Sensitive Information Disclosure via Accounts Service Bypass

CVE-2026-42571 CRITICAL

Privilege Escalation Attack affecting Pelican Web UI

CVE-2026-42296 HIGH

Argo Workflows < 3.7.14/4.0.5 templateReferencing - Strict Mode Bypass

CVE-2026-42137 MEDIUM

Kirby: `pages.access/list` and `files.access/list` permissions are not consistently checked in the REST API and changes dialog

CVE-2026-41432 HIGH

New API: Stripe Webhook Signature Bypass via Empty Secret Enables Unlimited Quota Fraud

CVE-2026-42160 CRITICAL

Data Space Portal: Incorrect Authorization and Client-Side Enforcement of Server-Side Security in ghcr.io/sovity/ds-portal-ce-backend

CVE-2026-40213 HIGH

OpenStack Cyborg < 14.0.1, 15.0.0-15.0.1, 16.0.0-16.0.1 - Authenticated Incorrect Authorization via Default Policy Rule

CVE-2026-41903 MEDIUM

FreeScout PERM_EDIT_USERS - Notification Subscription IDOR

CVE-2026-41689 MEDIUM

Wallos: Shared local webhook allowlist lets low-privilege users send arbitrary requests to allowlisted internal services

CVE-2026-41660 HIGH

Admidio: Inverted 2FA Reset Authorization Check Lets Group Leaders Strip Admin TOTP

CVE-2026-41657 MEDIUM

Admidio: Cross-Organization Member Data Exposure via Permission Check Mismatch in contacts_data.php

CVE-2026-44110 HIGH

OpenClaw < 2026.4.15 - Authorization Bypass in Matrix Room Control Commands via DM Pairing Store

CVE-2026-6863 MEDIUM

HTTP Filestore Endpoints Misapply Permissions Across Organizations

CVE-2026-39852 HIGH

Quarkus authorization bypass via semicolon path normalization inconsistency

CVE-2026-39402 MEDIUM

lxc lxc-user-nic insufficient ownership validation allows cross-tenant OVS port deletion

CVE-2026-33489 HIGH

CoreDNS transfer plugin subzone ACL bypass via lexicographic zone comparison

CVE-2026-43530 HIGH

OpenClaw 2026.2.23 < 2026.4.12 - Weakened Exec Approval Binding via busybox and toybox Applet Execution

CVE-2026-42438 HIGH

OpenClaw 2026.4.9 < 2026.4.10 - Sender Policy Bypass in Host Media Attachment Reads

CVE-2026-42434 HIGH

OpenClaw 2026.4.5 < 2026.4.10 - Sandbox Escape via host Parameter Override in Exec Routing

CVE-2026-42220 MEDIUM

Nginx UI < 2.3.8 - node.secret Information Disclosure

CVE-2026-42812 CRITICAL

Apache Polaris: No protection on `write.metadata.path`

CVE-2026-25293 CRITICAL

Snapdragon >=QCA7005 <QCA7005 - Buffer Overflow due to Incorrect Authorization

CVE-2026-43504 MEDIUM

Prosody <0.12.6, 1.0.0-13.0.0 <13.0.5 - Auth Bypass

Previous Page 8 of 122 Next

Details

Vulnerabilities 3,041

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy