CWE-863 · Incorrect Authorization

3115 CVEs classified under CWE-863 (Incorrect Authorization). Browse by severity and year.

Top CVEs for CWE-863
| CVE | Severity | Score | Published | Summary |
| --- | --- | --- | --- | --- |
| CVE-2026-48286 | Critical | 10.0 | 2026-06-30 | Adobe Campaign Classic (ACC) versions 7.4.3 build 9396 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code… |
| CVE-2026-48772 | Critical | 10.0 | 2026-06-19 | ProxySQL is a proxy for MySQL and its forks, as well as PostgreSQL. In versions 2.0.0 through 3.0.8, the ProxySQL MySQL frontend accepts the `PROXY UNKNOWN <ad… |
| CVE-2026-48303 | Critical | 10.0 | 2026-06-09 | Adobe Campaign Classic (ACC) versions 7.4.3 build 9394 and earlier are affected by an Incorrect Authorization vulnerability that could result in arbitrary code… |
| CVE-2026-44330 | Critical | 10.0 | 2026-05-27 | free5GC is an open-source implementation of the 5G core network. Prior to 4.2.2, free5GC's NEF mounts the nnef-pfdmanagement route group without inbound OAuth2… |
| CVE-2026-46595 | Critical | 10.0 | 2026-05-22 | Previously, CVE-2024-45337 fixed an authorization bypass for misused ssh server configurations; if any other type of callback is passed other than public key… |
| CVE-2026-33105 | Critical | 10.0 | 2026-04-03 | Improper authorization in Microsoft Azure Kubernetes Service allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2026-32213 | Critical | 10.0 | 2026-04-03 | Improper authorization in Azure AI Foundry allows an unauthorized attacker to elevate privileges over a network. |
| CVE-2025-54253 | Critical | 10.0 | 2025-08-05 | Adobe Experience Manager versions 6.5.23 and earlier are affected by a Misconfiguration vulnerability that could result in arbitrary code execution. An attacke… |
| CVE-2025-26853 | Critical | 10.0 | 2025-03-20 | DESCOR INFOCAD 3.5.1 and before and fixed in v.3.5.2.0 has a broken authorization schema. |
| CVE-2023-4617 | Critical | 10.0 | 2024-12-19 | Incorrect authorization vulnerability in HTTP POST method in Govee Home application on Android and iOS allows remote attacker to control devices owned by other… |
| CVE-2023-23924 | Critical | 10.0 | 2023-02-01 | Dompdf is an HTML to PDF converter. The URI validation on dompdf 2.0.1 can be bypassed on SVG parsing by passing `<image>` tags with uppercase letters. This ma… |
| CVE-2022-24783 | Critical | 10.0 | 2022-03-25 | Deno is a runtime for JavaScript and TypeScript. The versions of Deno between release 1.18.0 and 1.20.2 (inclusive) are vulnerable to an attack where a malicio… |
| CVE-2022-21141 | Critical | 10.0 | 2022-02-18 | MMP: All versions prior to v1.0.3, PTP C-series: Device versions prior to v2.8.6.1, and PTMP C-series and A5x: Device versions prior to v2.5.4.1 does not perfo… |
| CVE-2021-38503 | Critical | 10.0 | 2021-12-08 | The iframe sandbox rules were not correctly applied to XSLT stylesheets, allowing an iframe to bypass restrictions such as executing scripts or navigating the… |
| CVE-2021-37705 | Critical | 10.0 | 2021-08-13 | OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. Starting with OneFuzz 2.12.0 or greater, an incomplete authorization check allows an authe… |
| CVE-2020-11844 | Critical | 10.0 | 2020-05-29 | Incorrect Authorization vulnerability in Micro Focus Container Deployment Foundation component affects products: - Hybrid Cloud Management. Versions 2018.05 to… |
| CVE-2018-18815 | Critical | 10.0 | 2019-03-07 | The REST API component of TIBCO Software Inc.'s TIBCO JasperReports Server, TIBCO JasperReports Server Community Edition, TIBCO JasperReports Server for Active… |
| CVE-2026-48781 | Critical | 9.9 | 2026-06-17 | Postiz is an AI social media scheduling tool. In versions prior to 2.21.8, the Skool integration callback signed an attacker-controlled JSON blob into a sessio… |
| CVE-2026-45552 | Critical | 9.9 | 2026-06-10 | Roxy-WI is a web interface for managing Haproxy, Nginx, Apache and Keepalived servers. In versions 8.2.6.4 and prior, the install blueprint declares only bp.be… |
| CVE-2026-41283 | Critical | 9.9 | 2026-06-04 | OpenStack Mistral through 22.0.0 allows Arbitrary Remote Code Execution when the API is exposed. There are endpoints that allow code execution, which can lead… |