CWE-863: Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource, but it does not correctly perform the check.
Yearly Trend
Top Affected Vendors
All Incorrect Authorization CVEs (712)
Oct 25, 2024: OvalEdge versions 5.2.8.0 and earlier contain a privilege escalation vulnerability where authenticated users with OE_ADMIN role privileges can assign ...
May 12, 2025: This vulnerability allows attackers with physical access to an iOS/iPadOS device to recover deleted call recordings. The issue stems from improper acc...
Mar 31, 2025: This CVE describes an incorrect authorization vulnerability in Drupal core that allows forceful browsing (accessing restricted pages without proper pe...
Dec 5, 2024: Mattermost fails to properly propagate permission scheme updates across cluster nodes, allowing users to retain old permissions even after administrat...
Jul 28, 2025: This vulnerability allows a local attacker to escalate privileges on Windows systems running vulnerable versions of Malwarebytes Binisoft Windows Fire...
Jan 21, 2025: This vulnerability in Oracle Hyperion Data Relationship Management allows high-privileged attackers with network access to gain unauthorized access to...
Nov 4, 2025: A macOS permissions vulnerability allows applications with root privileges to access private information they shouldn't normally access. This affects ...
Jan 21, 2025: This vulnerability in Oracle MySQL Server's privilege management component allows high-privileged attackers with network access to cause denial of ser...
Mar 6, 2026: This vulnerability allows unauthorized data access in Acronis Cyber Protect 17 due to insufficient access control validation. Attackers could potentia...
Mar 6, 2026: This vulnerability allows unauthorized access to sensitive information in Acronis Cyber Protect 17 due to improper access control mechanisms. It affec...
Mar 6, 2026: This vulnerability allows unauthorized users to manipulate resources in Acronis Cyber Protect 17 due to improper authorization checks. It affects Acro...
Feb 18, 2026: This vulnerability allows authenticated WordPress users with Author-level permissions or higher to create draft posts for restricted post types they s...
Feb 16, 2026: This vulnerability allows any authenticated Mattermost user to modify Zoom meeting restrictions for any channel via API requests. Affected systems inc...
Feb 13, 2026: This vulnerability allows authenticated Mattermost users with Jira plugin access to bypass channel permissions and read posts/attachments from channel...
Feb 5, 2026: An improper access controls vulnerability in Tanium Reputation allows authenticated users to access data they shouldn't have permission to view. This ...
Feb 2, 2026: This CVE describes an access control vulnerability in IBM Jazz Foundation that allows authenticated users to perform actions or view data beyond their...
Jan 30, 2026: This vulnerability allows authenticated users of certain HIKSEMI NAS products to access and manipulate other users' files without proper authorization...
Jan 30, 2026: An improper access controls vulnerability in Tanium Server allows authenticated users to access resources they shouldn't have permission to view. This...
Jan 21, 2026: This vulnerability allows attackers to bypass session validation in EVerest EV charging software by sending V2G messages with session ID 0 when no ses...
Jan 13, 2026: The CP Image Store with Slideshow WordPress plugin has an authorization bypass vulnerability that allows authenticated users with Contributor-level ac...
Jan 10, 2026: This vulnerability in the Blog2Social WordPress plugin allows authenticated users with Subscriber-level access or higher to bypass authorization check...
Jan 9, 2026: The WP Table Builder WordPress plugin has an authorization flaw that allows authenticated users with Subscriber-level access or higher to create unaut...
Dec 26, 2025: Gitea versions before 1.25.2 have an authorization flaw that allows users to delete releases they shouldn't have permission to delete. This affects al...
Dec 24, 2025: This vulnerability allows authenticated Mattermost users with Jira plugin access to read posts and attachments from channels they shouldn't have acces...
Dec 18, 2025: This vulnerability allows authenticated Kibana users to escalate privileges by changing document sharing settings to 'global', making documents visibl...
Dec 18, 2025: CVE-2025-68422 is an improper authorization vulnerability in Kibana that allows authenticated users to bypass permission restrictions via crafted HTTP...
Dec 18, 2025: M-Files Server versions before 25.12.15491.7 have an improper access control vulnerability that allows authenticated users to download files through M...
Dec 17, 2025: The Ultimate Member WordPress plugin has a profile privacy setting bypass vulnerability that allows authenticated attackers with Subscriber-level acce...
Dec 9, 2025: This vulnerability in SINEMA Remote Connect Server allows attackers with database access to directly modify the system_ticketinfo table and bypass lic...
Dec 1, 2025: This vulnerability allows authenticated users with editor permissions in Mattermost Boards to delete comments created by other users, bypassing intend...
Nov 27, 2025: This vulnerability in the WordPress Folders plugin allows authenticated attackers with Contributor-level access or higher to move arbitrary folder con...
Nov 21, 2025: In Terraform Enterprise, users with specific but insufficient permissions can create state versions in workspaces, potentially allowing infrastructure...
Nov 21, 2025: LogStare Collector has an incorrect authorization vulnerability in UserRegistration that allows non-administrative users to create new accounts via cr...
Nov 15, 2025: This vulnerability in GitLab EE allows an attacker to remove Duo two-factor authentication flows of another user under certain circumstances. It affec...
Nov 14, 2025: Mattermost versions before 11 have an authorization bypass vulnerability where guest users can discover archived public channels through a specific AP...
Oct 23, 2025: Moodle fails to properly verify user enrolment status when sending quiz notifications, allowing suspended or inactive users to receive quiz-related me...
Oct 14, 2025: CVE-2025-42939 is an authorization bypass vulnerability in SAP S/4HANA's Manage Processing Rules for Bank Statements module. Authenticated attackers w...
Oct 3, 2025: This CVE describes an authorization bypass vulnerability in Zabbix where regular users without proper permissions can still access the problem viewing...
Oct 2, 2025: This vulnerability in KNIME Business Hub allows unauthorized team members to view sensitive information within jobs, potentially exposing confidential...
Sep 22, 2025: This vulnerability allows remote authenticated users to bypass permission checks in Liferay's Batch Engine, enabling unauthorized access to exported d...
Sep 9, 2025: This CVE describes an incorrect authorization vulnerability in Zoom Workplace Clients for Windows that allows authenticated users to potentially modif...
Aug 26, 2025: An authenticated user with limited privileges can request and download trace files due to improper access restrictions in CMC before version 25.1.0. T...
Aug 20, 2025: MiR software versions before 3.0.0 have an authorization flaw that allows low-privilege users to create administrative text notes. This affects organi...
Aug 6, 2025: This vulnerability in Cisco ISE allows authenticated attackers with read-only administrator credentials to modify configuration descriptions through c...
Jul 31, 2025: This vulnerability in the HT Mega WordPress plugin allows authenticated users with Contributor-level access or higher to delete arbitrary files and mo...
Jul 29, 2025: This CVE describes an authorization bypass vulnerability in Tuleap where authenticated users can access confidential artifact information they shouldn...
Jul 28, 2025: This vulnerability in JetBrains TeamCity allows unauthorized users to access sensitive build configuration settings through snapshot dependencies. It ...
Jul 15, 2025: An incorrect authorization vulnerability in GitHub Enterprise Server allowed contractor accounts to read internal repository contents when the Contrac...
Jul 15, 2025: This vulnerability in Oracle PeopleSoft Enterprise PeopleTools allows unauthenticated attackers to read sensitive data by tricking users into clicking...
Jul 7, 2025: In affected Splunk Enterprise and Cloud Platform versions, a low-privileged user with read-only access to a specific alert can suppress that alert whe...
About Incorrect Authorization (CWE-863)
Our database tracks 712 CVEs classified as CWE-863, with 140 rated critical and 315 rated high severity. The average CVSS score for Incorrect Authorization vulnerabilities is 7.3.
External reference: View CWE-863 on MITRE CWE →