Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,099 vulnerabilities with CWE-863

CVE-2021-39630 HIGH

Android - Local Privilege Escalation via OverlayManagerService Permissions Bypass

CVE-2021-4194 MEDIUM

BookStack < 21.12.1 - Improper Access Control

CVE-2021-45457 HIGH

Apache Kylin 2.0.0-2.6.6, 3.0.0-3.1.2, 4.0.0 - Incorrect Authorization via Cross-Origin Request Handling

CVE-2021-20868 MEDIUM

KONICA MINOLTA bizhub series - Auth Bypass

CVE-2021-20149 CRITICAL

Trendnet TEW-827DRU 2.08B01 - Unauthenticated WAN Access via IPv6

CVE-2021-43858 HIGH

MinIO <RELEASE.2021-12-27T07-23-18Z - Privilege Escalation

CVE-2021-45339 HIGH

Avast Antivirus < 20.4 - Privilege Escalation via Process Hollowing

CVE-2021-23175 HIGH

NVIDIA GeForce Experience - Privilege Escalation

CVE-2021-38017 HIGH

Google Chrome < 96.0.4664.45 - Insufficient Policy Enforcement in iframe Sandbox

CVE-2021-38016 HIGH

Google Chrome < 96.0.4664.45 - Same Origin Policy Bypass via Background Fetch

CVE-2021-23803 CRITICAL

latte < 2.10.6 - Incorrect Authorization via Control Character Bypass

CVE-2021-45102 HIGH

HTCondor 9.0.x-9.0.4 and 9.1.x-9.1.2 - Incorrect Authorization via SciToken Authentication

CVE-2021-0649 HIGH

Android 11 - Unauthenticated Local Privilege Escalation via VPN Profile Reset

CVE-2021-39945 LOW

GitLab 9.4.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Incorrect Authorization in Merge Request Approval

CVE-2021-39936 LOW

GitLab 10.7-14.3.5, 14.4-14.4.3, 14.5-14.5.1 - Incorrect Authorization via Deploy Token

CVE-2021-39930 MEDIUM

GitLab EE 12.4-14.3.6 14.4.0-14.4.4 14.5.0-14.5.2 - Unauthenticated Custom Project and Group Template Access

CVE-2021-39918 LOW

GitLab 11.1.0-14.3.5, 14.4.0-14.4.3, 14.5.0-14.5.1 - Incorrect Authorization in Vulnerability Comment Feature

CVE-2021-24872 MEDIUM

Get Custom Field Values <4.0 - Info Disclosure

CVE-2021-24819 MEDIUM

WordPress Plugin <1.0 - Info Disclosure

CVE-2021-41805 HIGH

HashiCorp Consul Enterprise < 1.8.17, 1.9.x < 1.9.11, 1.10.x < 1.10.4 - Incorrect Access Control via Namespace ACL Token

CVE-2021-29678 HIGH

IBM Db2 9.7, 10.1, 10.5, 11.1, 11.5 - Incorrect Authorization

CVE-2021-38503 CRITICAL

Firefox < 94 - Firefox ESR < 91.3 - XSS

CVE-2021-41013 MEDIUM

FortiWeb <6.4.1, <6.3.15 - Info Disclosure

CVE-2021-42758 HIGH

FortiWLC <= 8.6.1 - Authenticated Privilege Escalation via GUI Restriction Bypass

CVE-2021-43781 MEDIUM

Invenio-Drafts-Resources <0.13.7, 0.14.6 - Privilege Escalation

Previous Page 93 of 124 Next

Details

Vulnerabilities 3,099

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy