CWE-863: Incorrect Authorization

This vulnerability allows authenticated Gamma users in Apache Superset to gain unauthorized write permissions to charts they create on dashboards. The...

This vulnerability allows attackers to bypass secure boot protections on Aruba 9200 and 9000 Series Controllers and Gateways, enabling execution of ar...

An incorrect authorization vulnerability in Devolutions Server's virtual gateway component allows attackers to bypass IP deny rules. This affects Devo...

This CVE describes an authorization bypass vulnerability in OPEXUS eCASE Audit where authenticated attackers can modify client-side JavaScript or craf...

A missing server-side validation vulnerability in Rancher Manager allows users with update permissions on other User resources to modify the .username...

VMware Tools for Windows has an improper authorization vulnerability that allows authenticated non-administrative users on a guest VM to access other ...

This vulnerability allows unauthorized users to isolate devices in ManageEngine Endpoint Central due to incorrect authorization checks. Attackers coul...

This vulnerability allows attackers to bypass CODEOWNERS approval requirements in GitLab EE by adding changes to previously approved merge requests. I...

This vulnerability allows attackers to bypass Secure Boot protection on AXIS OS devices, potentially enabling unauthorized firmware modifications or p...

This vulnerability allows attackers to bypass route-based middleware protections in @hono/node-server applications by using URL-encoded slashes (%2F) ...

This vulnerability allows attackers to bypass authentication in OpenClaw's BlueBubbles iMessage plugin by sending webhook requests from localhost addr...

This vulnerability allows unauthenticated attackers to cause denial of service on GitLab instances by exploiting incorrect authorization validation in...

Masa CMS versions prior to 7.2.8, 7.3.13, and 7.4.6 contain an authorization bypass vulnerability. By appending '/tag/' to page URLs, attackers can ac...

OpenStack Keystone versions before 26.0.1, 27.0.0, and 28.0.0 contain an authorization bypass vulnerability where AWS Signature authentication can gra...

This vulnerability in Fujitsu iRMC S6 on M5 servers allows authentication bypass when usernames are exactly 16 characters long. Attackers can potentia...

Adobe Commerce has an incorrect authorization vulnerability that allows attackers to bypass security measures and gain unauthorized read access to sen...

This vulnerability allows attackers to bypass DNN Login IP Filters, enabling login attempts from IP addresses not on the allow list. It affects DNN.PL...

This vulnerability in Znuny allows users with CommunicationLog access to view S/MIME encrypted email content from tickets they shouldn't have access t...

Bookgy contains an authorization bypass vulnerability (CWE-863) that allows unauthenticated attackers to access private areas or functionality intende...

This vulnerability allows unauthorized access to sensitive keychain data from iOS backups. Attackers with physical access to backup files could extrac...

This CVE describes an improper access control vulnerability in GitLab where users who were previously instance administrators but have been downgraded...

An unauthenticated remote attacker can exploit this vulnerability in Oracle Agile PLM Framework to access sensitive data without authorization. This a...

CVE-2024-39025 is an incorrect access control vulnerability in the /users endpoint of Cpacker MemGPT v0.3.17 that allows attackers to access sensitive...

This ProFTPD vulnerability allows authenticated users to gain unintended access to files owned by group ID 0 (root group) due to improper supplemental...

This vulnerability in Oracle Agile PLM Framework allows unauthenticated attackers to remotely access sensitive data via HTTP. It affects organizations...

CVE-2024-50647 is an authorization bypass vulnerability in python_food ordering system V1.0 that allows attackers to access sensitive user information...

python_book V1.0 has an incorrect access control vulnerability that allows attackers to access sensitive user information by manipulating ID parameter...

This CVE describes a privacy vulnerability in macOS where applications could access sensitive location information from system logs. The issue affects...

CVE-2024-10295 is an authentication bypass vulnerability in APICast (Red Hat 3scale API Gateway) where malformed Basic Authentication headers with spe...

This CVE describes a vulnerability in Oracle VM VirtualBox that allows a high-privileged attacker with local access to the host system to potentially ...

This vulnerability allows unauthenticated attackers to delete arbitrary posts and pages in WordPress sites using the vulnerable Docket plugin. It affe...

OpenFGA versions 1.5.7 and 1.5.8 contain an authorization bypass vulnerability when using Check API with models containing 'but not' and 'from' expres...

This vulnerability allows unauthorized users to access any organization's evaluation results by simply knowing the evaluation ID, due to missing proje...

This vulnerability in Apache Archiva allows unauthenticated attackers to modify user account data, potentially leading to account takeover. It affects...

This CVE describes a permission control vulnerability in the package management module of Huawei/HarmonyOS systems. Successful exploitation could allo...

This vulnerability in IBM Tivoli Application Dependency Discovery Manager allows attackers on the local network to escalate privileges through unautho...

This CVE describes an unauthorized access vulnerability in Huawei's card management module, allowing attackers to bypass authentication and access sen...

CVE-2023-46992 is an authentication bypass vulnerability in TOTOLINK A3300R routers that allows unauthenticated attackers to reset critical passwords ...

This authentication bypass vulnerability in the SuperUser module for PrestaShop allows attackers to gain unauthorized administrative access without va...

This vulnerability allows unauthorized access to administrative interfaces in Tencent Enterprise WeChat Privatization deployments. Attackers can bypas...

This vulnerability allows attackers to bypass IP whitelist restrictions in IBM Aspera Faspex by sending specially crafted HTTP requests. Affected orga...

This vulnerability allows attackers to bypass audit detection in Zoho ManageEngine ADAudit Plus by creating or renaming user accounts with a '$' suffi...

This vulnerability allows attackers to force a factory reset on WavLink WavRouter devices via a crafted payload sent to the /cgi-bin/adm.cgi endpoint....

This CVE describes an improper authorization vulnerability in Huawei's SettingsProvider module that allows unauthorized access to system settings. Att...

This CVE describes an incorrect authorization vulnerability in Adobe Commerce that allows attackers to bypass security features and access other users...

This vulnerability allows attackers to bypass authorization rules in Sitecore's MVC Device Simulator component, potentially accessing restricted funct...

This vulnerability in Huawei's MediaPlaybackController SDK allows unauthorized access to media playback functionality due to improper permission verif...

This vulnerability in SecurePoint UTM firewalls allows attackers to obtain valid session IDs through invalid authentication attempts. These stolen ses...

The Salon booking system WordPress plugins (Free and Pro) before version 7.6.3 have improper authorization in some API endpoints. This allows customer...

This CVE describes an access control vulnerability in Dolibarr ERP/CRM's forgot-password function that allows email addresses as usernames, enabling a...