Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863

CVE-2021-22515 MEDIUM

NetIQ Advanced Authentication <6.3 SP4 Patch 1 - Auth Bypass

CVE-2021-26273 HIGH

NinjaRMM 5.0.909 - Incorrect Authorization

CVE-2021-24405 MEDIUM

easy_cookies_policy < 1.6.2 - Authenticated Stored Cross-Site Scripting via Settings Update

CVE-2021-36132 HIGH

MediaWiki < 1.36 - Incorrect Authorization in FileImporter Extension

CVE-2021-35197 HIGH

MediaWiki < 1.31.15, 1.32.x-1.35.x < 1.35.3, 1.36.x < 1.36.1 - Incorrect Authorization via Purge API

CVE-2021-27661 HIGH

Johnson Controls F4-SNC Firmware - Authenticated Improper Privilege Management via Crafted Web Messages

CVE-2021-22119 HIGH

Spring Security 5.2.0-5.2.10, 5.3.0-5.3.9, 5.4.0-5.4.6, 5.5.0 - Denial of Service via OAuth 2.0 Authorization Request

CVE-2021-32716 MEDIUM

Shopware <6.4.1.1 - Info Disclosure

CVE-2021-29961 MEDIUM

Firefox < 89.0 - User Interface Spoofing via Oversized Select Element

CVE-2021-29959 MEDIUM

Firefox < 89.0 - Incorrect Authorization via Microphone and Camera Permissions

CVE-2021-32701 HIGH

ORY Oathkeeper >=0.38.0-beta.2 <0.38.12-beta.1 - Incorrect Authorization via OAuth2 Introspection Cache

CVE-2021-0571 HIGH

Android 11 - Incorrect Authorization in ActivityTaskManagerService and AppTaskImpl

CVE-2021-24379 MEDIUM

Comments Like Dislike < 1.1.4 - Unauthenticated Like/Dislike Manipulation via AJAX Request Replay

CVE-2021-26845 HIGH

Hitachi ABB Power Grids eSOMS 6.0-6.0.4.2.1 and 6.1-6.0.3 - Unauthorized Information Exposure via Report URL

CVE-2021-0472 HIGH

Android - Local Privilege Escalation via App Pinning Permissions Bypass

CVE-2021-25418 HIGH

Samsung Internet <14.0.1.62 - Privilege Escalation

CVE-2021-25410 HIGH

CallBGProvider <SMR JUN-2021 Release 1 - Privilege Escalation

CVE-2021-25406 MEDIUM

Gear S Plugin <2.2.05.20122441 - Info Disclosure

CVE-2021-21664 MEDIUM

Jenkins XebiaLabs XL Deploy Plugin < 10.0.1 - Incorrect Authorization via URL Connection

CVE-2021-30539 MEDIUM

Google Chrome < 91.0.4472.77 - Content Security Policy Bypass via Crafted HTML Page

CVE-2021-30538 MEDIUM

Google Chrome < 91.0.4472.77 - Content Security Policy Bypass via Crafted HTML Page

CVE-2021-30537 MEDIUM

Google Chrome <91.0.4472.77 - Auth Bypass

CVE-2021-30534 MEDIUM

Google Chrome < 91.0.4472.77 - Insufficient Policy Enforcement in iFrameSandbox

CVE-2021-30533 MEDIUM KEV

Google Chrome < 91.0.4472.77 - Navigation Restriction Bypass via PopupBlocker

CVE-2021-33881 MEDIUM

NXP MIFARE Ultralight and NTAG Firmware - Incorrect Authorization via Tear-Off Attack

Previous Page 98 of 125 Next

Details

Vulnerabilities 3,104

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy