Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,098 vulnerabilities with CWE-863

CVE-2022-1124 MEDIUM

GitLab < 14.8.6, 14.9.0-14.9.4, 14.10.0 - Incorrect Authorization for Job Trace Log Access

CVE-2022-28601 MEDIUM

Simple 2FA Plugin for Moodle - Auth Bypass

CVE-2022-1417 MEDIUM

GitLab 8.12-14.8.5, 14.9-14.9.3, 14.10 - Unauthenticated Project Wiki Access via CI Job

CVE-2022-0866 MEDIUM

JBoss EAP >=7.1.0 and WildFly >=11.0.0 <26.1.1 - Incorrect Authorization via Concurrent RunAs Principal Handling

CVE-2022-1631 HIGH

microweber < 1.2.15 - Unauthenticated Account Takeover via Email Registration

CVE-2022-29176 CRITICAL

rubygems.org - Unauthenticated Gem Removal and Replacement via Yank Action

CVE-2022-0984 MEDIUM

Moodle 3.9.0-3.9.12 and 3.11.0-3.11.5 - Incorrect Authorization in Badge Criteria Configuration

CVE-2022-0985 MEDIUM

moodle <3.9.13 and 3.11.0-3.11.6 - Improper Authentication in User Deletion

CVE-2022-23822 MEDIUM

Zynq-7000 SoC FSBL - Privilege Escalation

CVE-2022-1466 MEDIUM

Redhat Keycloak < 17.0.1 - Incorrect Authorization

CVE-2022-24865 MEDIUM

HumHub < 1.9.4 - Unauthorized Data Exposure via Forced Password Change

CVE-2022-27055 HIGH

ecjia-daojia 1.38.1-20210202629 - Information Leakage via Installer Helper

CVE-2022-24841 MEDIUM

fleetdm/fleet < 4.13 - Authorization Bypass via Team Admin Privilege Escalation

CVE-2022-1365 MEDIUM

cross-fetch < 3.1.5 - Exposure of Private Personal Information

CVE-2022-29047 MEDIUM

Jenkins Pipeline: Shared Groovy Libraries Plugin <2.21.3 - Code Inj...

CVE-2022-28542 MEDIUM

Galaxy Store <4.5.40.5 - Privilege Escalation

CVE-2022-27836 HIGH

Android Storage Manager < SMR Apr-2022 Release 1 - Improper Access Control and Path Traversal

CVE-2022-27575 LOW

Google Android - Information Disclosure

CVE-2022-1193 MEDIUM

GitLab 10.7-14.7.7, 14.8-14.8.5, 14.9-14.9.2 - Unauthenticated Improper Access Control via Merge Requests

CVE-2022-0920 HIGH

Salon booking system Free and Pro < 7.6.3 - Unauthenticated Incorrect Authorization

CVE-2022-26676 CRITICAL

aEnrich a+HRD - Unauthenticated Arbitrary File Upload and Remote Code Execution via API Function

CVE-2022-27609 MEDIUM

Forcepoint One Endpoint < 22.01 - Insufficient Anti-Tampering Protection

CVE-2022-27608 MEDIUM

Forcepoint One Endpoint < 22.01 - Registry Key Tampering via Anti-Tampering Mechanism

CVE-2022-0740 LOW

GitLab CE/EE <14.7.7-14.9.2 - Auth Bypass

CVE-2022-0825 MEDIUM

Amelia < 1.0.49 - Incorrect Authorization in Appointment Management

Previous Page 88 of 124 Next

Details

Vulnerabilities 3,098

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy