CWE-863: Incorrect Authorization
The product performs an authorization check when an actor attempts to access a resource, but it does not correctly perform the check.
[Charts: Yearly Trend; Top Affected Vendors]
All Incorrect Authorization CVEs (710)
Dec 16, 2021: This vulnerability in HTCondor allows users authenticating with SciTokens to gain unauthorized access beyond their intended permissions. It affects HT...
Dec 8, 2021: This vulnerability allows authenticated low-privilege users on FortiWLC wireless LAN controllers to bypass GUI restrictions and execute arbitrary comm...
Nov 1, 2021: The AutomatorWP WordPress plugin before version 1.7.6 lacks proper capability checks on AJAX endpoints, allowing authenticated users with Subscriber r...
Sep 21, 2021: This vulnerability allows attackers to bypass file upload blacklists in WUZHI CMS, potentially leading to remote code execution. It affects all WUZHI ...
Jul 2, 2021: This vulnerability in MediaWiki's FileImporter extension allows users with insufficient permissions to upload files when certain relaxed configuration...
Jun 21, 2021: CVE-2020-20471 is an unauthorized access vulnerability in White Shark System (WSS) 1.3.2 that allows remote attackers to escalate privileges to admin ...
May 24, 2021: This vulnerability allows a nearby Bluetooth device to bypass authentication during Bluetooth Mesh provisioning, potentially gaining unauthorized acce...
Apr 14, 2021: This vulnerability allows a low-privileged attacker with local Windows access to insert malicious files into the TIBCO Messaging installation director...
Mar 23, 2021: This vulnerability allows a low-privileged attacker with local Windows access to insert malicious files into TIBCO Enterprise Message Service installa...
Mar 23, 2021: This CVE describes a local privilege escalation vulnerability in TIBCO eFTL installations on Windows. A low-privileged attacker with local access can ...
Mar 23, 2021: This vulnerability allows a low-privileged attacker with local Windows access to insert malicious software into TIBCO FTL installation directories, wh...
Mar 15, 2021: CVE-2020-25239 is an authorization bypass vulnerability in Siemens SINEMA Remote Connect Server that allows unprivileged users to modify UMC authoriza...
Mar 13, 2021: This vulnerability allows attackers to bypass authentication during SAML login in Zoho ManageEngine ServiceDesk Plus. Affected organizations using SAM...
Jan 13, 2021: This vulnerability allows any authenticated user (without administrative privileges) on Cisco Connected Mobile Experiences (CMX) to change any user's ...
Nov 10, 2025: A privilege escalation vulnerability in Combodo iTop allows authenticated users with webhook creation permissions (typically administrators) to execut...
Sep 4, 2025: This vulnerability in NVIDIA BlueField management interface allows local attackers to bypass authorization checks and modify system configuration. Exp...
Dec 9, 2021: This vulnerability allows users with DBADM authority in IBM Db2 to access other databases and read or modify files beyond their intended permissions. ...
Jun 3, 2025: This vulnerability allows attackers to execute unauthorized commands on GPU micronodes, leading to memory corruption and potential system compromise. ...
Jan 28, 2025: CVE-2025-0781 is a sandbox escape vulnerability in FlightGear's Nasal scripting engine that allows attackers to write arbitrary files to any location ...
Oct 28, 2024: This CVE describes a sandbox escape vulnerability in macOS that allows a sandboxed process to bypass security restrictions. It affects macOS Ventura a...
Apr 15, 2023: CVE-2020-17354 is a security bypass vulnerability in LilyPond music engraving software that allows attackers to execute arbitrary code despite the -ds...
Sep 9, 2021: CVE-2021-39206 is an authorization bypass vulnerability in Pomerium's underlying Envoy proxy that could allow specially crafted requests to bypass pat...
Aug 24, 2021: This vulnerability allows malicious OSAX scripting additions to bypass macOS Gatekeeper security checks and sandbox restrictions, potentially enabling...
Jan 2, 2026: This vulnerability in Plex Media Server allows attackers to obtain permanent access tokens using transient tokens via the /myplex/account API endpoint...
Mar 4, 2025: This vulnerability in Axis Communications' ACAP Application framework allows applications to bypass D-Bus method restrictions, potentially enabling un...
Nov 14, 2024: This vulnerability in GitLab CE/EE allows unauthorized access to the Kubernetes agent in a cluster under specific configurations. Attackers could pote...
Dec 15, 2023: This vulnerability in WSO2 products allows attackers to impersonate legitimate users through JIT provisioning flaws. Organizations using WSO2 products...
Apr 1, 2022: CVE-2021-32960 is an authentication bypass vulnerability in Rockwell Automation FactoryTalk Services Platform that allows authenticated remote attacke...
May 13, 2025: This CVE describes an incorrect authorization vulnerability in Adobe ColdFusion that allows high-privileged attackers to bypass security controls and ...
Oct 24, 2024: This vulnerability allows attackers to bypass access controls in Ruochan Smart firmware update processes, enabling unauthorized access to sensitive in...
Oct 24, 2024: This vulnerability allows attackers to extract sensitive information from Sylvania Smart Home firmware by analyzing the APK file. Attackers can access...
Oct 24, 2024: This vulnerability in Wear Sync v1.2.0 allows attackers to extract sensitive information from the APK file due to improper access controls in firmware...
Aug 20, 2024: In Capsule v0.7.0 and earlier, tenant owners can patch arbitrary namespaces that haven't been taken over by tenants, allowing them to gain control of ...
May 7, 2024: This CVE describes a sandbox escape vulnerability in Deno where granting file read/write permissions could unintentionally provide broader system acce...
Dec 1, 2023: This vulnerability in IBM Administration Runtime Expert for i allows local users to bypass proper authority checks and access sensitive information th...
Apr 24, 2023: CVE-2023-26097 is an authorization bypass vulnerability in Telindus Apsal software that allows unauthorized users to modify application behavior. This...
Jun 14, 2022: This vulnerability allows a user with standard permissions to access protected graphics memory regions due to improper access control in register conf...
Nov 8, 2025: SuiteCRM versions 7.14.7 and prior, and 8.0.0-beta.1 through 8.9.0 have an access control vulnerability where low-privileged users can view and create...
May 30, 2025: This vulnerability allows unauthorized users to list, view, edit, create, or delete all objects with object-management configurations in Valtimo Busin...
Aug 23, 2024: This vulnerability allows attackers to bypass authorization controls in ManageEngine Endpoint Central's remote office deployment configurations. Attac...
Feb 9, 2024: This vulnerability allows unauthenticated attackers with network access to bypass authentication and gain administrative privileges on Emerson gas chr...
Dec 21, 2023: This vulnerability in XWiki Platform allows attackers to execute Velocity scripts without proper script rights through the document tree. This affects...
Feb 6, 2026: This vulnerability in REVA's GRPC authorization middleware allows attackers to bypass scope verification on public links. Malicious users can exploit ...
Dec 25, 2025: Pexip Infinity versions 15.0 through 38.0 have an improper access control vulnerability in the Secure Scheduler for Exchange service when using Office...
Apr 19, 2025: This vulnerability allows administrators with access to /Applications to escalate privileges after uninstalling Pritunl Client. By replacing the remov...
Feb 11, 2025: This CVE describes an incorrect authorization vulnerability in Adobe Commerce that allows attackers to bypass security measures and gain unauthorized ...
Oct 11, 2024: This vulnerability in GitLab allows an attacker to trigger CI/CD pipelines as another user under specific conditions, potentially executing unauthoriz...
Jun 3, 2024: This vulnerability in Misskey allows attackers to spoof signed ActivityPub activity objects by exploiting improper JSON normalization. Attackers can i...
Mar 21, 2024: This vulnerability in Deno runtime version 1.39.0 allows arbitrary file descriptor manipulation, enabling attackers to bypass permission prompts and a...
Oct 2, 2023: This vulnerability in GitLab EE Ultimate allows attackers to impersonate users in CI/CD pipelines through direct transfer group imports. Attackers cou...
About Incorrect Authorization (CWE-863)
Our database tracks 710 CVEs classified as CWE-863, with 138 rated critical and 315 rated high severity. The average CVSS score for Incorrect Authorization vulnerabilities is 7.3.
External reference: View CWE-863 on MITRE CWE →