Search Blog Stats Labs

Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits

About

About Exploit Intel About Exploit Forge Privacy Policy

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Color Theme

Search Blog Statistics Labs Tools EIP CLI Search Tool EIP MCP Server EIP REST API API Rate Limits About About Exploit Forge Privacy

Exploit Database Researchers CWE Categories Vendors Ecosystems

RSS Feeds

Blog Posts Recent CVEs CVEs with Exploits CISA KEV

Follow:

Theme:

Home / CWE / CWE-863

CWE-863

High likelihood

Incorrect Authorization

Parent: CWE-285 - Improper Authorization

The product performs an authorization check when an actor attempts to access a resource or perform an action, but it does not correctly perform the check.

3,104 vulnerabilities with CWE-863

CVE-2021-1540 HIGH

Cisco StarOS - Authenticated Authorization Bypass via CLI Command Execution

CVE-2021-1539 HIGH

Cisco StarOS - Authenticated Authorization Bypass via CLI Command Execution

CVE-2021-3469 MEDIUM

Foreman < 2.3.4 - Authenticated Impersonation via Puppet CA SAN Handling

CVE-2021-3499 MEDIUM

ovn-kubernetes <= 0.3.0 - Incorrect Authorization in Egress Firewall DNS Rules

CVE-2021-20306 MEDIUM

Red Hat Decision Manager - Unauthorized Ruleflow Group Name Disclosure

CVE-2021-32620 HIGH

XWiki 11.6-11.10.12 - Improper Authorization via Email Verification Activation Link

CVE-2021-32619 CRITICAL

Deno 1.5.0-1.10.1 - Improper Authorization via Dynamic Import Bypass

CVE-2021-29628 HIGH

FreeBSD Incorrect Authorization via SMAP Protection Bypass

CVE-2021-21552 MEDIUM

Dell Wyse Windows Embedded System WIE10 LTSC < 2019 - Authenticated Authorization Bypass

CVE-2021-31158 MEDIUM

Couchbase Server <6.6.2 - Privilege Escalation

CVE-2021-20429 MEDIUM

IBM QRadar User Behavior Analytics <4.1.0 - Info Disclosure

CVE-2021-24282 MEDIUM

Redirection for Contact Form 7 < 2.3.4 - Authenticated Incorrect Authorization via AJAX Actions

CVE-2021-24281 MEDIUM

Redirection for Contact Form 7 < 2.3.4 - Authenticated Arbitrary Post Deletion via delete_action_post AJAX Action

CVE-2021-24279 MEDIUM

Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Plugin Installation via import_from_debug AJAX Action

CVE-2021-24278 HIGH

Redirection for Contact Form 7 < 2.3.4 - Unauthenticated Incorrect Authorization via wpcf7r_get_nonce AJAX Action

CVE-2021-31876 MEDIUM

Bitcoin Core 0.12.0-0.21.1 - Denial of Service via BIP125 Replacement Policy Bypass

CVE-2021-3457 MEDIUM

smart_proxy_shell_hooks < 0.9.2 - Authenticated Incorrect Authorization and Denial of Service

CVE-2021-31165 HIGH

Windows 10 and Windows Server 2016 - Privilege Escalation via Container Manager Service

CVE-2021-20538 CRITICAL

IBM Cloud Pak for Security (CP4S) <1.5.0.2 - Info Disclosure

CVE-2021-23015 HIGH

F5 BIG-IP 13.1.0-13.1.3.6, 14.1.0-14.1.4.1, 15.1.0-15.1.2.1, 16.0.x - Auth Bypass via iControl REST

CVE-2021-31829 MEDIUM

Linux Kernel < 5.12.1 - Information Disclosure via BPF Stack Speculative Loads

CVE-2021-22209 HIGH

GitLab 13.8.0-13.9.6 - Incorrect Authorization via GraphQL Mutation

CVE-2021-24244 MEDIUM

WPBakery Page Builder Clipboard 4.5.0-4.5.8 - Incorrect Authorization via AJAX License Update

CVE-2021-22211 LOW

GitLab 13.7.0-13.9.6 - Incorrect Authorization via Dependency Proxy

CVE-2021-21228 MEDIUM

Google Chrome <90.0.4430.93 - Auth Bypass

Previous Page 99 of 125 Next

Details

Vulnerabilities 3,104

Exploit Likelihood High

Links

MITRE CWE Entry Search this CWE With Exploits

Exploit Intelligence Platform

Blog Stats Labs Exploits Researchers CWE Ecosystems CLI MCP API Limits About Privacy