CWE-863: Incorrect Authorization

This vulnerability allows attackers who obtain remote cluster invite tokens to authenticate as remote clusters and perform limited actions on shared c...

CVE-2025-15288 is an improper access control vulnerability in Tanium Interact that could allow authenticated users to access data or perform actions b...

This vulnerability allows users with insufficient permissions to delete branches after merging pull requests in Gitea instances. It affects all Gitea ...

Mattermost versions before 11.0 fail to properly enforce the 'Allow users to view archived channels' setting, allowing regular users to access archive...

This vulnerability in JetBrains TeamCity allows improper access control that could expose GitHub App token metadata. It affects organizations using Te...

This vulnerability in opa-envoy-plugin allows attackers to bypass authorization policies by crafting HTTP requests with double-slash prefixes in paths...

This CVE describes an authorization vulnerability in WeKan where users with read-only board roles can perform card updates that should require write p...

This CVE describes an authorization bypass vulnerability in WeKan where the allowPrivateOnly configuration setting is not properly enforced. When enab...

This vulnerability in Wekan allows non-administrative users to access migration functionality due to insufficient permission checks. This could enable...

This vulnerability in WeKan allows attackers to upload attachments to arbitrary locations by exploiting inconsistent validation of object relationship...

This vulnerability in InputPlumber's D-Bus interface allows local attackers to bypass authorization checks. Attackers can cause denial-of-service, lea...

This vulnerability allows workers authorized for one Temporal namespace to create, signal, or cancel workflows in other namespaces when cross-namespac...

This vulnerability allows users authorized for one Temporal namespace to bypass that namespace's validation rules and feature gates by specifying a di...

This CVE describes an incorrect authorization vulnerability in Data Illusion Zumbrunn NGSurvey that allows any authenticated user to access private in...

CVE-2025-11862 is an authorization bypass vulnerability in Verve Asset Manager that allows read-only users to perform unauthorized user management ope...