CWE-863: Incorrect Authorization

The product performs an authorization check when an actor attempts to access a resource, but it does not correctly perform the check.

Total CVEs: 713
Critical: 140
High: 316
Avg CVSS: 7.3
In CISA KEV: 3

Yearly Trend

2026: 77
2025: 260
2024: 164
2023: 97
2022: 35

Top Affected Vendors

1. Oracle: 34
2. Apple: 26
3. Adobe: 23
4. Google: 19
5. Mattermost: 18
6. GitLab: 16
7. IBM: 13
8. Apache: 10
9. WSO2: 7
10. Lunary: 7

All Incorrect Authorization CVEs (713)

CVE-2025-20300 | CVSS 4.3 | Jul 7, 2025
In affected Splunk Enterprise and Cloud Platform versions, a low-privileged user with read-only access to a specific alert can suppress that alert whe...

CVE-2025-47871 | CVSS 4.3 | Jun 30, 2025
This vulnerability allows authenticated Mattermost users who are members of a playbook but not members of a linked private channel to access sensitive...

CVE-2025-49550 | CVSS 4.3 | Jun 25, 2025
Adobe Commerce has an incorrect authorization vulnerability (CWE-863) that allows attackers to bypass security features and gain limited unauthorized ...

CVE-2024-3511 | CVSS 4.3 | Jun 23, 2025
This CVE describes an authorization bypass vulnerability in WSO2 products that allows authenticated users with management console access to retrieve v...

CVE-2025-3227 | CVSS 4.3 | Jun 20, 2025
This vulnerability allows authenticated Mattermost users without proper channel management permissions to add or remove users from public and private ...

CVE-2025-3880 | CVSS 4.3 | Jun 17, 2025
This vulnerability in the Poll, Survey & Quiz Maker Plugin by Opinion Stage for WordPress allows authenticated attackers with Contributor-level access...

CVE-2025-40568 | CVSS 4.3 | Jun 10, 2025
This vulnerability allows authenticated remote attackers with 'guest' role privileges to terminate legitimate user sessions in affected Siemens indust...

CVE-2024-7097 | CVSS 4.3 | EPSS 22.1% | May 30, 2025
This vulnerability allows attackers to create unauthorized user accounts in WSO2 products regardless of self-registration settings. It affects WSO2 pr...

CVE-2025-48473 | CVSS 4.3 | May 29, 2025
This vulnerability in FreeScout allows authenticated users to view messages from conversations they shouldn't have access to when creating new convers...

CVE-2025-3645 | CVSS 4.3 | Apr 25, 2025
This vulnerability in Moodle allows users to bypass authorization checks in a messaging web service, enabling them to view other users' names and onli...

CVE-2025-27571 | CVSS 4.3 | Apr 16, 2025
This vulnerability allows authenticated users to view metadata from archived channels even when the 'Allow Users to View Archived Channels' setting is...

CVE-2025-27188 | CVSS 4.3 | Apr 8, 2025
CVE-2025-27188 is an improper authorization vulnerability in Adobe Commerce that allows attackers to bypass security controls and escalate privileges ...

CVE-2025-30155 | CVSS 4.3 | Mar 31, 2025
Tuleap's REST API fails to enforce read permissions on parent trackers, allowing authenticated users to access tracker data they shouldn't have permis...

CVE-2025-30741 | CVSS 4.3 | Mar 25, 2025
A Pixelfed vulnerability allows unauthorized users to follow private accounts and view private posts across Fediverse servers. This affects all Pixelf...

CVE-2025-24920 | CVSS 4.3 | Mar 21, 2025
Mattermost fails to restrict bookmark creation and updates in archived channels, allowing authenticated users to create or modify bookmarks in channel...

CVE-2025-25274 | CVSS 4.3 | Mar 21, 2025
This vulnerability allows authenticated users to execute slash commands in archived Mattermost channels, bypassing intended restrictions. It affects M...

CVE-2025-1472 | CVSS 4.3 | Mar 19, 2025
Mattermost versions 9.11.x through 9.11.8 have an authorization flaw where users with the Viewer role configured with 'No Access to Reporting' can sti...

CVE-2025-0652 | CVSS 4.3 | Mar 13, 2025
This CVE describes an information disclosure vulnerability in GitLab EE/CE that allows unauthorized users to access confidential information intended ...

CVE-2025-2045 | CVSS 4.3 | Mar 6, 2025
This CVE describes an improper authorization vulnerability in GitLab EE that allows users with limited permissions to access potentially sensitive pro...

CVE-2025-24526 | CVSS 4.3 | Feb 24, 2025
This vulnerability allows authenticated Mattermost users to export archived channel contents even when the 'Allow users to view archived channels' set...

CVE-2025-0516 | CVSS 4.3 | Feb 12, 2025
This CVE describes an improper authorization vulnerability in GitLab CE/EE that allows users with limited permissions to perform unauthorized actions ...

CVE-2025-24436 | CVSS 4.3 | Feb 11, 2025
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security features and view select informati...

CVE-2025-24421 | CVSS 4.3 | Feb 11, 2025
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security features and read select data with...

CVE-2025-24419 | CVSS 4.3 | Feb 11, 2025
CVE-2025-24419 is an incorrect authorization vulnerability in Adobe Commerce that allows low-privileged attackers to bypass security features and modi...

CVE-2025-24869 | CVSS 4.3 | Feb 11, 2025
CVE-2025-24869 is an information disclosure vulnerability in SAP NetWeaver Application Server Java that allows unauthorized access to endpoint data re...

CVE-2025-24872 | CVSS 4.3 | Feb 11, 2025
This vulnerability in SAP ABAP Platform's ABAP Build Framework allows authenticated attackers to access a specific transaction without proper authoriz...

CVE-2025-23419 | CVSS 4.3 | Feb 5, 2025
This CVE describes a client certificate authentication bypass vulnerability in nginx when multiple server blocks share the same IP/port. Attackers can...

CVE-2024-22316 | CVSS 4.3 | Jan 27, 2025
CVE-2024-22316 is an improper access control vulnerability in IBM Sterling File Gateway that allows authenticated users to perform unauthorized action...

CVE-2025-24400 | CVSS 4.3 | Jan 22, 2025
The Jenkins Eiffel Broadcaster Plugin vulnerability allows attackers who can create credentials with the same ID as legitimate ones in different crede...

CVE-2025-21562 | CVSS 4.3 | Jan 21, 2025
This vulnerability in Oracle PeopleSoft Enterprise CC Common Application Objects allows authenticated attackers with low privileges to read sensitive ...

CVE-2025-21517 | CVSS 4.3 | Jan 21, 2025
This vulnerability in Oracle JD Edwards EnterpriseOne Tools allows authenticated attackers with low privileges to modify data via HTTP requests. It af...

CVE-2024-57683 | CVSS 4.3 | Jan 16, 2025
This vulnerability allows unauthenticated attackers to modify URL filter settings on affected D-Link DIR-816A2 routers via a crafted POST request. Att...

CVE-2024-13270 | CVSS 4.3 | Jan 9, 2025
This CVE describes an incorrect authorization vulnerability in Drupal's Freelinking module that allows forceful browsing. Attackers can bypass intende...

CVE-2023-52943 | CVSS 4.3 | Dec 4, 2024
This vulnerability allows authenticated users to perform unauthorized actions on the alerting function in Synology Surveillance Station. Attackers wit...

CVE-2024-45125 | CVSS 4.3 | Oct 10, 2024
Adobe Commerce has an incorrect authorization vulnerability that allows low-privileged attackers to bypass security features and potentially modify da...

CVE-2024-47160 | CVSS 4.3 | Sep 19, 2024
This vulnerability in JetBrains YouTrack allows unauthorized users to access global application configuration data. It affects all YouTrack instances ...

CVE-2024-7266 | CVSS 4.3 | Aug 7, 2024
This vulnerability allows logged-in users in the EZD RP system to list all users, including those from other organizations, violating access control b...

CVE-2024-6150 | CVSS 4.3 | Jul 10, 2024
This vulnerability in Citrix Provisioning allows non-admin users to temporarily disrupt target VM availability through improper authorization checks. ...

CVE-2024-31402 | CVSS 4.3 | Jun 11, 2024
An incorrect authorization vulnerability in Cybozu Garoon allows authenticated users to delete Shared To-Do data they shouldn't have access to. This a...

CVE-2019-1192 | CVSS 4.3 | Aug 14, 2019
This CVE describes a Same-Origin Policy bypass vulnerability in Microsoft browsers that allows attackers to force browsers to send cross-origin data t...

CVE-2025-43904 | CVSS 4.2 | Jan 16, 2026
This vulnerability in SchedMD Slurm allows a Coordinator user to escalate privileges to Administrator level through the accounting system. It affects ...

CVE-2025-66433 | CVSS 4.2 | Nov 30, 2025
HTCondor Access Point versions 24.7.3 through 25.3.0 allow authenticated users to impersonate other users on the local machine by submitting batch job...

CVE-2025-64641 | CVSS 4.1 | Dec 24, 2025
This vulnerability allows malicious Mattermost users to create posts with fake Jira plugin actions that exfiltrate Jira tickets when other users inter...

CVE-2025-20999 | CVSS 4.1 | Jul 8, 2025
This vulnerability allows secondary users on Samsung Galaxy Tablets to access the primary owner's saved Wi-Fi passwords due to improper authorization ...

CVE-2025-43307 | CVSS 4.0 | Sep 15, 2025
This macOS vulnerability allows applications to bypass security checks and access sensitive user data without proper authorization. It affects macOS s...

CVE-2024-47148 | CVSS 4.0 | Dec 26, 2024
This CVE describes an incorrect privilege assignment vulnerability in certain Honor products. Successful exploitation could cause device service excep...

CVE-2024-34652 | CVSS 4.0 | Sep 4, 2024
This vulnerability allows local attackers to bypass authorization checks in Samsung's kperfmon performance monitoring component, enabling unauthorized...

CVE-2024-34650 | CVSS 4.0 | Sep 4, 2024
This vulnerability allows local attackers to bypass authorization checks in CocktailbarService on Samsung devices, enabling access to privileged Edge ...

CVE-2025-13324 | CVSS 3.7 | Dec 17, 2025
This vulnerability allows attackers who obtain remote cluster invite tokens to authenticate as remote clusters and perform limited actions on shared c...

CVE-2025-15288 | CVSS 3.1 | Jan 29, 2026
CVE-2025-15288 is an improper access control vulnerability in Tanium Interact that could allow authenticated users to access data or perform actions b...

About Incorrect Authorization (CWE-863)

Our database tracks 713 CVEs classified as CWE-863, with 140 rated critical and 316 rated high severity. The average CVSS score for Incorrect Authorization vulnerabilities is 7.3.

External reference: CWE-863 on MITRE CWE
