Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863

CVE-2021-39904 MEDIUM

GitLab 13.1-14.2.5, 14.3-14.3.3, 14.4 - Improper Access Control in GraphQL API

CVE-2021-39902 MEDIUM

GitLab 13.4-14.2.6 - Incorrect Authorization in Incident Severity Modification

CVE-2021-21693 CRITICAL

Jenkins < 2.303.3 and < 2.319 - Incorrect Authorization in Temporary File Creation

CVE-2021-39341 HIGH

OptinMonster < 2.6.4 - Sensitive Information Disclosure via Insufficient Authorization

CVE-2021-24770 MEDIUM

Stylish Price List WP <6.9.1 - Auth Bypass

CVE-2021-24757 MEDIUM

Stylish Price List WP <6.9.0 - Unauthenticated RCE

CVE-2021-24742 MEDIUM

Logo Slider and Showcase WP <1.3.37 - Auth Bypass

CVE-2021-24717 HIGH

AutomatorWP <1.7.6 - Info Disclosure/Privilege Escalation

CVE-2021-41189 HIGH

DSpace 7.0 - Incorrect Authorization

CVE-2021-39321 HIGH

Sassy Social Share 3.3.23 - Authenticated PHP Object Injection via Import Config AJAX Action

CVE-2021-38345 HIGH

Brizy Page Builder <2.3.11 - Auth Bypass

CVE-2021-20803 MEDIUM

Cybozu Remote Service <3.1.9 - Auth Bypass

CVE-2021-40456 MEDIUM

Windows AD FS - Privilege Escalation

CVE-2021-42137 MEDIUM

Zammad < 5.0.1 - Incorrect Authorization for Ticket List View

CVE-2021-28661 MEDIUM

SilverStripe GraphQL Server 3.0.0-3.4.1 - Incorrect Authorization

CVE-2021-22262 MEDIUM

GitLab 13.12-14.0.8, 14.1-14.1.3, 14.2-14.2.1 - Incorrect Authorization in Jira Connect Namespace Management

CVE-2021-41093 HIGH

Wire < 3.86 - Account Takeover via Stale Access Token

CVE-2021-22535 MEDIUM

Micro Focus DRA <10.1.1 - Info Disclosure

CVE-2021-24652 MEDIUM

PostX - Gutenberg Blocks for Post Grid < 2.4.10 - Authenticated Incorrect Authorization via AJAX Requests

CVE-2021-40655 HIGH KEV

D-LINK-DIR-605 B2 - Info Disclosure

CVE-2021-40654 MEDIUM

D-LINK-DIR-615 B2 2.01mt - Info Disclosure

CVE-2021-36749 MEDIUM

Apache Druid < 0.22.0 - Authenticated Arbitrary File Read via HTTP InputSource

CVE-2021-34648 MEDIUM

Ninja Forms <= 3.5.7 - Authenticated Arbitrary Email Sending via trigger_email_action

CVE-2021-34647 MEDIUM

Ninja Forms <= 3.5.7 - Authenticated Sensitive Information Disclosure via Bulk Export Submissions

CVE-2021-41082 HIGH

Discourse < 2021-09-14 - Exposure of Sensitive Information via Private Message Group Handling

Previous Page 95 of 125 Next

Details

Vulnerabilities 3,104

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy