Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,098 vulnerabilities with CWE-863

CVE-2022-41574 HIGH

Gradle Enterprise <2022.4-2022.3.1 - Info Disclosure

CVE-2022-36634 HIGH

ZKTeco ZKBioSecurity V5000 3.0.5_r - Unauthenticated Admin User Creation via Crafted HTTP Request

CVE-2022-39275 MEDIUM

Saleor 2.0.0-3.1.24 - Authenticated Information Exposure via GraphQL Mutation ID Type Validation Bypass

CVE-2022-31252 MEDIUM

openSUSE Leap and Leap Micro - Incorrect Authorization in chkstat

CVE-2022-39031 MEDIUM

Smart eVision - Unauthenticated Exposure of User Session IDs via Task Acquisition Function

CVE-2022-39030 HIGH

smart eVision - Unauthenticated Exposure of Sensitive Information via System Information Query

CVE-2022-39029 MEDIUM

Smart eVision < 2022.02.21 - Authenticated Sensitive Information Exposure via Database Query Function

CVE-2022-40816 MEDIUM

Zammad 5.2.1 - Incorrect Access Control

CVE-2022-3048 MEDIUM

Chrome OS <105.0.5195.52 - Privilege Escalation

CVE-2022-3024 MEDIUM

Simple Bitcoin Faucets <1.7.0 - CSRF & XSS

CVE-2022-39958 HIGH

OWASP ModSecurity Core Rule Set 3.0.0-3.2.1 and 3.3.2 - Response Body Exfiltration via HTTP Range Header Bypass

CVE-2022-39956 HIGH

OWASP ModSecurity Core Rule Set 3.0.0-3.2.1 & 3.3.2 - Bypass via Character Encoding in MIME Headers

CVE-2022-39955 HIGH

OWASP ModSecurity Core Rule Set 3.0.0-3.2.1 and 3.3.2 - Rule Bypass via Multiple Charset Content-Type Header

CVE-2022-0143 CRITICAL

LDAP connector <1.5.20.9 - Unauthenticated Access

CVE-2022-36074 MEDIUM

Nextcloud <24.0.3 - Info Disclosure

CVE-2022-36103 HIGH

Talos Linux < 1.2.2 - Incorrect Permission Assignment for Critical Resource via Worker Node CSR Validation

CVE-2022-2990 HIGH

buildah < 1.27.1 - Incorrect Supplementary Group Assignment

CVE-2022-2989 HIGH

Podman - Incorrect Supplementary Group Assignment

CVE-2022-37767 CRITICAL

Pebble Templates 3.1.5 - Incorrect Authorization Bypass via Springbok

CVE-2022-36109 MEDIUM

Moby < 20.10.18 - Incorrect Authorization via Supplementary Group Manipulation

CVE-2022-23451 HIGH

openstack-barbican < 14.0.0 - Authenticated Incorrect Authorization in Secret Metadata API

CVE-2022-2597 MEDIUM

Visual Portfolio, Photo Gallery & Post Grid < 2.19.0 - Authenticated Arbitrary CSS Injection via REST Endpoints

CVE-2022-23452 MEDIUM

OpenStack Barbican < 14.0.0 - Incorrect Authorization via Admin Role

CVE-2022-36051 HIGH

ZITADEL 1.42.0-1.87.0 and 2.0.0-2.1.9 - Unauthorized Authorization Grant via Actions Feature

CVE-2022-35692 MEDIUM

Adobe Commerce <2.4.3-p2, 2.3.7-p3, 2.4.4 - Info Disclosure

Previous Page 84 of 124 Next

Details

Vulnerabilities 3,098

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy