CWE-863: Incorrect Authorization

This vulnerability allows attackers to bypass Deno's permission system for database read/write operations using the ATTACH DATABASE SQL statement. It ...

This vulnerability allows attackers to bypass authentication in the Schule school management system by manipulating client-side JavaScript role valida...

This CVE describes an incorrect authorization vulnerability in Adobe ColdFusion that allows high-privileged attackers to bypass authentication mechani...

This vulnerability in Pexip Infinity Connect allows remote attackers to execute arbitrary code by exploiting insufficient authenticity checks when loa...

CVE-2025-24434 is an incorrect authorization vulnerability in Adobe Commerce that allows attackers to bypass security controls and escalate privileges...

This vulnerability allows password autofill to fill passwords even after authentication fails, potentially exposing credentials. It affects users of A...

A system binary vulnerability in Apple operating systems could allow an attacker to fingerprint a user's Apple Account, potentially revealing account ...

This vulnerability allows attackers to bypass authentication in OPEXUS FOIAXPRESS PUBLIC ACCESS LINK v11.1.0 by sending specially crafted web requests...

This CVE describes an incorrect authorization vulnerability in Drupal's Monster Menus module that allows forceful browsing (unauthorized access to res...

This vulnerability allows attackers to bypass authorization controls in Drupal Smart IP Ban module, enabling forceful browsing to access restricted co...

This CVE describes an incorrect authorization vulnerability in Drupal's Advanced PWA inc Push Notifications module that allows forceful browsing. Atta...

CVE-2024-54662 is an incorrect access control vulnerability in Dante SOCKS proxy server that allows bypassing authentication restrictions when using c...

CVE-2024-52732 is an incorrect access control vulnerability in wms-Warehouse management system-zeqp v2.20.9.1 where token values are reused, allowing ...

This CVE describes an authentication bypass vulnerability in Apple's password autofill feature. When exploited, it allows unauthorized access to passw...

This vulnerability in C-CHIP mobile app v1.2.8 allows remote attackers to extract sensitive information through the firmware update process. Attackers...

A vulnerability in GIANT MANUFACTURING's RideLink app (version 2.0.7) allows remote attackers to access sensitive information through the firmware upd...

This vulnerability in SwitchBot's mobile app allows remote attackers to access sensitive information during firmware updates. Attackers can intercept ...

This vulnerability in BURG-WCHTER KG's de.burgwachter.keyapp.app version 4.5.0 allows remote attackers to obtain sensitive information through the fir...

This vulnerability allows attackers to bypass OAuth2 client authentication in LemonLDAP::NG by sending an empty client_password parameter. Attackers c...

An unauthenticated attacker can edit hotel room entries in the administrator section of Kashipara Hotel Management System v1.0 due to incorrect access...

This vulnerability in Stalwart Mail Server allows attackers with arbitrary code execution as the stalwart-mail user (including web interface admins) t...

This vulnerability allows users who have been removed from an organization to continue accessing and manipulating logs and project data using old auth...

This vulnerability allows remote attackers to extract connection confirmation codes from KramerAV VIA Connect (2) and VIA Go (2) devices without physi...

This vulnerability in JetBrains TeamCity allows attackers to bypass permission checks and perform administrative actions without proper authorization....

This vulnerability in Garmin's Connect IQ platform allows malicious applications to access sensor history data without user permission. It affects Gar...

Argo CD versions 2.3.0-rc1 through 2.6.1 contain an improper authorization vulnerability that allows users with cluster secret update permissions to m...

This vulnerability in OpenStack Manila's Ceph filesystem integration allows a share owner to read or write any Manila share or the entire filesystem, ...

This vulnerability allows attackers to bypass the lock screen security feature in SoroushPlus+ Messenger 1.0.30 due to insufficient access controls. I...

This vulnerability allows malicious applications to bypass privacy preferences on Apple devices, potentially accessing sensitive user data without pro...

This macOS vulnerability allows malicious unsandboxed applications to bypass Privacy preferences when Remote Login is enabled. Attackers could gain un...

This vulnerability allows authenticated users with media manager access to delete files without proper permission checks in Joomla! 4.0.0. Attackers c...

CVE-2021-20538 is an incorrect authorization vulnerability in IBM Cloud Pak for Security that allows authenticated users to access sensitive informati...

This vulnerability in Apache Solr's ConfigurableInternodeAuthHadoopPlugin causes distributed requests to be forwarded using server credentials instead...

A namespace label injection vulnerability in Capsule v0.10.3 and earlier allows authenticated tenant users to inject arbitrary labels into system name...

This vulnerability in ASPECT systems allows attackers with compromised administrator credentials to delete system files, potentially causing service d...

The CVE-2023-46241 vulnerability in the discourse-microsoft-auth plugin allows attackers to potentially take control of victims' Discourse accounts th...

CVE-2017-9453 is an authentication bypass vulnerability in BMC Server Automation that allows attackers to execute arbitrary commands through the Proce...

UniFi OS 3.1 introduces a misconfiguration that allows local network users to directly access MongoDB on affected Cloud Key devices. This vulnerabilit...