Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,098 vulnerabilities with CWE-863

CVE-2022-41944 LOW

Discourse < 2.8.12 - Unauthorized Sensitive Information Exposure via Topic Notifications

CVE-2022-4090 MEDIUM

rickxy Stock Management System - CSRF

CVE-2022-41923 CRITICAL

Grails Spring Security Core Privilege Escalation via Endpoint Authorization Bypass

CVE-2022-36785 HIGH

D-Link G Integrated Access Device4 Firmware - Information Disclosure and Authorization Bypass via setupWizard.asp

CVE-2022-4014 MEDIUM

FeehiCMS - Cross-Site Request Forgery in Post My Comment Tab

CVE-2022-4013 MEDIUM

Hospital Management Center - Cross-Site Request Forgery in appointment.php

CVE-2022-41918 MEDIUM

OpenSearch < 1.3.7 - Incorrect Authorization in Fine-Grained Access Control Rules

CVE-2022-20928 MEDIUM

Cisco Adaptive Security Appliance Software - Incorrect Authorization via VPN Authentication Flow

CVE-2022-45383 MEDIUM

Jenkins Support Core Plugin < 1206.1208.v9b_7a_1d48db_0f - Incorrect Authorization

CVE-2022-42978 HIGH

Netic User Export for Confluence Data Center < 1.3.5 - Unauthenticated Incorrect Authorization

CVE-2022-39385 MEDIUM

Discourse < 2.8.10 - Unauthorized Private Message Topic Access via Invitation Redemption

CVE-2022-3978 MEDIUM

NodeBB < 2.5.8 - Cross-Site Request Forgery via /register/abort Endpoint

CVE-2022-39388 HIGH

Istio 1.15.0-1.15.2 and 1.15.0-beta.0-1.15.3 - Incorrect Authorization via Workload Identity Impersonation

CVE-2022-3819 LOW

GitLab CE/EE <15.3.5-15.5.2 - Auth Bypass

CVE-2022-41091 MEDIUM KEV

Windows 10 1507-22H2 and Windows 11 21H2-22H2 - Security Feature Bypass via Mark of the Web

CVE-2022-39352 MEDIUM

OpenFGA < 0.2.5 - Authorization Bypass via Wildcard Tupleset Relation

CVE-2022-20942 MEDIUM

Cisco AsyncOS < 14.2.1-015 - Authenticated Sensitive Information Exposure via Weak Authorization Checks

CVE-2022-42788 MEDIUM

macOS < 13.0 - Unauthorized Sensitive Location Data Access

CVE-2022-39322 CRITICAL

Keystone 2.2.0-2.3.1 - Improper Authorization in Multiselect Field Access Control

CVE-2022-42344 HIGH

Adobe Commerce < 2.3.7-p4 - Authenticated Incorrect Authorization

CVE-2022-3585 MEDIUM

SourceCodester Simple Cold Storage Management System 1.0 - CSRF

CVE-2022-3582 MEDIUM

SourceCodester Simple Cold Storage Management System 1.0 - CSRF

CVE-2022-42975 HIGH

Phoenix < 1.6.14 - Incorrect Authorization via Origin Check Wildcard Mishandling

CVE-2022-39302 MEDIUM

Ree6 < 1.9.9 - Incorrect Authorization via Better-Audit-Logging Configuration

CVE-2022-42724 MEDIUM

MISP < 2.4.164 - Incorrect Authorization in UsersController

Previous Page 83 of 124 Next

Details

Vulnerabilities 3,098

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy