CWE-267 (Privilege Defined With Unsafe Actions) — Vulnerability Class 42

42 vulnerabilities classified as CWE-267 (Privilege Defined With Unsafe Actions). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-27314 | Apache Cassandra: Privilege escalation via ADD IDENTITY authorization bypass — Apache Cassandra | 8.8 (AI) | High (AI) | 2026-04-07 |
| CVE-2026-2460 | Hitachi Energy Relion REB500 security vulnerability — Relion REB500 | 7.3 | - | 2026-02-24 |
| CVE-2026-2459 | Hitachi Energy Relion REB500 security vulnerability — Relion REB500 | 7.1 | - | 2026-02-24 |
| CVE-2025-14349 | Business Logic Error in Universal Software's FlexCity/Kiosk — FlexCity/Kiosk | 8.8 | High | 2026-02-13 |
| CVE-2026-0945 | Role Delegation - Moderately critical - Access bypass - SA-CONTRIB-2026-002 — Role Delegation | 8.8 (AI) | High (AI) | 2026-02-04 |
| CVE-2025-13979 | Mini site - Moderately critical - Cross-Site Scripting - SA-CONTRIB-2025-117 — Mini site | 5.4 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2026-23526 | CVAT vulnerable to privilege escalation of users with staff status — cvat | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2025-53900 | Kiteworks MFT has a Privilege Defined With Unsafe Actions — security-advisories | 6.5 | Medium | 2025-11-29 |
| CVE-2025-41244 | VMSA-2025-0015: VMware Aria Operations and VMware Tools updates address multiple vulnerabilities (CVE-2025-41244, CVE-2025-41245, CVE-2025-41246) — VCF operations | 7.8 | High | 2025-09-29 |
| CVE-2025-7691 | Privilege Defined With Unsafe Actions in GitLab — GitLab | 6.5 | Medium | 2025-09-26 |
| CVE-2025-26467 | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) — Apache Cassandra | 8.8 | - | 2025-08-25 |
| CVE-2025-47811 | Wing FTP Server security vulnerability — Wing FTP Server | 4.1 | Medium | 2025-07-10 |
| CVE-2025-7030 | Two-factor Authentication (TFA) - Less critical - Access bypass - SA-CONTRIB-2025-085 — Two-factor Authentication (TFA) | 8.1 (AI) | High (AI) | 2025-07-08 |
| CVE-2025-23015 | Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions — Apache Cassandra | 8.8 | - | 2025-02-04 |
| CVE-2024-7571 | Ivanti Secure Access Client security vulnerability — Secure Access Client | 7.8 | High | 2024-11-12 |
| CVE-2024-8539 | Ivanti Secure Access Client security vulnerability — Secure Access Client | 7.1 | High | 2024-11-12 |
| CVE-2024-47906 | Ivanti Connect Secure security vulnerability — Connect Secure | 7.8 | High | 2024-11-12 |
| CVE-2024-8631 | Privilege Defined With Unsafe Actions in GitLab — GitLab | 5.5 | Medium | 2024-09-12 |
| CVE-2024-20411 | Cisco NX-OS Bash Arbitrary Code Execution Vulnerability — Cisco NX-OS Software | 6.7 | Medium | 2024-08-28 |
| CVE-2024-42365 | Asterisk allows `Write=originate` as sufficient permissions for code execution / `System()` dialplan — asterisk | 7.4 | High | 2024-08-08 |
| CVE-2024-39866 | Siemens SINEMA Remote Connect security vulnerability — SINEMA Remote Connect Server | 8.8 | High | 2024-07-09 |
| CVE-2023-28049 | Dell Command \| Monitor security vulnerability — Dell Command Monitor (DCM) | 4.7 | Medium | 2024-02-06 |
| CVE-2023-41966 | Sielco Radio Link and Analog FM Transmitters Privilege Defined With Unsafe Actions — Analog FM transmitter | 6.5 | Medium | 2023-10-26 |
| CVE-2023-43746 | BIG-IP Appliance mode external monitor vulnerability — BIG-IP | 8.7 | High | 2023-10-10 |
| CVE-2023-44218 | SonicWALL NetExtender security vulnerability — NetExtender | 8.8 | High | 2023-10-03 |
| CVE-2023-32457 | Dell PowerScale OneFS security vulnerability — PowerScale OneFS | 7.5 | High | 2023-08-29 |
| CVE-2023-22647 | Rancher Labs Rancher security vulnerability — Rancher | 9.9 | Critical | 2023-06-01 |
| CVE-2023-2983 | Privilege Defined With Unsafe Actions in pimcore/pimcore — pimcore/pimcore | 8.8 | - | 2023-05-30 |
| CVE-2021-44547 | Odoo security vulnerability — Odoo Community | 7.2 | - | 2023-04-25 |
| CVE-2021-23186 | Odoo security vulnerability — Odoo Community | 6.5 | - | 2023-04-25 |

42 CVEs are classified as CWE-267 (Privilege Defined With Unsafe Actions). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.