Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

2,832 vulnerabilities with CWE-863

CVE-2026-33251 MEDIUM

Discourse has a Hidden Solved topics permission bypass

CVE-2026-33312 MEDIUM

Read-only Vikunja users can delete project background images via broken object-level authorization

CVE-2026-33132 MEDIUM

ZITADEL is missing enforcement of organization scopes

CVE-2026-32947 MEDIUM

Egress Policy Bypass via DNS over HTTPS (DoH) in Harden-Runner (Community Tier)

CVE-2026-32946 LOW

Egress Policy Bypass via DNS over TCP in Harden-Runner (Community Tier)

CVE-2026-31805 MEDIUM

Discourse has a poll authorization bypass via post_id array parameter

CVE-2026-32811 HIGH

Heimdall: Path received via Envoy gRPC corrupted when containing query string

CVE-2026-32767 CRITICAL

SiYuan: Authorization Bypass Allows Arbitrary SQL Execution via Search API

CVE-2026-32761 MEDIUM

File Browser has an Authorization Policy Bypass in its Public Share Download Flow

CVE-2026-32758 MEDIUM

File Browser has an Access Rule Bypass via Path Traversal in Copy/Rename Destination Parameter

CVE-2026-33410 MEDIUM

Discourse hardens chat DM channel creation and expansion

CVE-2026-32035 MEDIUM

OpenClaw < 2026.3.2 - Missing Owner Flag Validation in Discord Voice Transcript Handler

CVE-2026-32028 MEDIUM

OpenClaw < 2026.2.25 - Missing Authorization Check in Discord DM Reaction Ingress

CVE-2026-32027 MEDIUM

OpenClaw < 2026.2.26 - Improper Authorization via DM Pairing Store Identity Inheritance in Group Allowlist

CVE-2026-32023 HIGH

OpenClaw < 2026.2.24 - Approval Gating Bypass via Dispatch-Wrapper Depth-Cap Mismatch in system.run

CVE-2026-32021 MEDIUM

OpenClaw < 2026.2.22 - Authorization Bypass via Display Name Collision in Feishu allowFrom

CVE-2026-32006 LOW

OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Fallback in Group Allowlist

CVE-2026-32005 MEDIUM

OpenClaw < 2026.2.25 - Authorization Bypass in Interactive Callbacks via Sender Check Skip

CVE-2026-32001 MEDIUM

OpenClaw < 2026.2.22 - Node Role Device-Identity Bypass via WebSocket Authentication

CVE-2026-28282 LOW

Discourse vulnerable to group membership addition permission bypass via discourse-policy plugin

CVE-2026-27936 MEDIUM

Discourse discloses restricted post-action counts to non-privileged users

CVE-2026-33302 HIGH

OpenEMR: zhAclCheck Ignores Explicit ACL Denies

CVE-2026-31998 HIGH

OpenClaw 2026.2.22 < 2026.2.24 - Authorization Bypass in Synology Chat Plugin via Empty allowedUserIds

CVE-2026-31991 LOW

OpenClaw < 2026.2.26 - Authorization Bypass via DM Pairing-Store Leakage in Signal Group Allowlist

CVE-2026-32693 HIGH

Unauthorized access to Kubernetes secrets in Juju

Previous Page 8 of 114 Next

Details

Vulnerabilities 2,832

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy