
CWE-280 Improper Handling of Insufficient Permissions or Privileges: Vulnerability List (117)

A summary of the 117 CVE vulnerabilities classified under the CWE-280 weakness (Improper Handling of Insufficient Permissions or Privileges), with AI-generated Chinese analysis.

CWE-280 is a permission-handling flaw: the program does not respond correctly when it lacks sufficient privileges, so it follows an unexpected code path and may end up in an abnormal state. Attackers commonly craft low-privilege requests or tamper with identity credentials to trigger the logic error and obtain unauthorized access or cause a denial of service. Developers should enforce strict permission checks, fall back to a secure default-deny policy whenever privileges are insufficient, and log the event for auditing, so that security risks arising from incorrect privilege decisions are prevented.

MITRE CWE official description

CWE: CWE-280 Improper Handling of Insufficient Permissions or Privileges. Description: when the product cannot access resources or functionality because its permissions are insufficient, it fails to handle this condition or handles it incorrectly. This may cause it to follow unexpected code paths, leaving the product in an invalid state.

Common consequences (1)
Scope: Other. Impact: Other; Alter Execution Logic.

Mitigations (2)
Architecture and Design: Compartmentalize the system to have "safe" areas where trust boundaries can be unambiguously drawn. Do not allow sensitive data to go outside of the trust boundary and always be careful when interfacing with a compartment outside of the safe area. Ensure that appropriate compartmentalization is built into the system design, and the compartmentalization allows for and reinforces privilege separatio…
Implementation: Always check to see if you have successfully accessed a resource or system functionality, and use proper error handling if it is unsuccessful. Do this even when you are operating in a highly privileged mode, because errors or environmental conditions might still cause a failure. For example, environments with highly granular permissions/privilege models, such as Windows or Linux capabilities, can …
| CVE ID | Title | Affected product | CVSS | Risk level | Published |
|---|---|---|---|---|---|
| CVE-2026-10549 | Yandex Database privilege escalation vulnerability | Yandex Database | - | - | 2026-06-02 |
| CVE-2026-9792 | Keycloak security vulnerability | Red Hat Build of Keycloak | 6.5 | Medium | 2026-05-28 |
| CVE-2026-2340 | Samba security vulnerability | Red Hat Enterprise Linux 10 | 6.5 | Medium | 2026-05-27 |
| CVE-2026-44201 | Wagtail security vulnerability | wagtail | 5.3 | Medium | 2026-05-11 |
| CVE-2026-44200 | Wagtail security vulnerability | wagtail | 6.5 | Medium | 2026-05-11 |
| CVE-2026-44199 | Wagtail security vulnerability | wagtail | 6.5 | Medium | 2026-05-11 |
| CVE-2026-44198 | Wagtail security vulnerability | wagtail | 4.3 | Medium | 2026-05-11 |
| CVE-2026-44197 | Wagtail security vulnerability | wagtail | 6.5 | Medium | 2026-05-11 |
| CVE-2026-6805 | ERCOM Cryptobox security vulnerability | Cryptobox | 5.9 (AI) | Medium (AI) | 2026-05-07 |
| CVE-2026-20448 | MediaTek Chipsets security vulnerability | MediaTek chipset | 6.7 | - | 2026-05-04 |
| CVE-2026-27910 | Microsoft Windows Installer security vulnerability | Windows 10 Version 1607 | 7.8 | High | 2026-04-14 |
| CVE-2026-24096 | Checkmk security vulnerability | Checkmk | 8.8 (AI) | High (AI) | 2026-04-01 |
| CVE-2026-2123 | OpenText Operations Agent security vulnerability | Operations Agent | 7.8 | - | 2026-03-31 |
| CVE-2026-3190 | Keycloak security vulnerability | Red Hat build of Keycloak 26.4 | 4.3 | Medium | 2026-03-26 |
| CVE-2026-21736 | Imagination Graphics DDK security vulnerability | Graphics DDK | 7.1 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-1772 | Hitachi Energy RTU500 security vulnerability | RTU500 series CMU firmware | 5.3 (AI) | Medium (AI) | 2026-02-24 |
| CVE-2026-23857 | Dell Update Package Framework security vulnerability | Update Package | 8.2 | High | 2026-02-12 |
| CVE-2025-67848 | Moodle security vulnerability | - | 8.1 | High | 2026-02-03 |
| CVE-2026-20817 | Microsoft Windows Error Reporting security vulnerability | Windows 10 Version 21H2 | 7.8 | High | 2026-01-13 |
| CVE-2025-64997 | Checkmk security vulnerability | Checkmk | 6.5 (AI) | Medium (AI) | 2025-12-18 |
| CVE-2025-58770 | AMI AptioV security vulnerability | AptioV | 7.8 (AI) | High (AI) | 2025-12-12 |
| CVE-2025-58121 | Checkmk security vulnerability | Checkmk | 8.8 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-58122 | Checkmk security vulnerability | Checkmk | 8.1 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-58410 | Imagination Graphics DDK security vulnerability | Graphics DDK | 7.8 (AI) | High (AI) | 2025-11-17 |
| CVE-2025-62510 | FileRise access control error vulnerability | FileRise | 8.1 | High | 2025-10-20 |
| CVE-2025-62509 | FileRise access control error vulnerability | FileRise | 8.1 | High | 2025-10-20 |
| CVE-2025-62176 | Mastodon security vulnerability | mastodon | 4.3 | Medium | 2025-10-13 |
| CVE-2025-45376 | Dell Repository Manager security vulnerability | Dell Repository Manager (DRM) | 7.5 | High | 2025-09-29 |
| CVE-2025-58457 | Apache ZooKeeper security vulnerability | Apache ZooKeeper | 8.8 (AI) | High (AI) | 2025-09-24 |
| CVE-2025-59040 | Enalean Tuleap Community Edition and Enalean Tuleap Enterprise Edition security vulnerability | tuleap | 4.3 | Medium | 2025-09-18 |

Values marked "(AI)" carry the page's AI marker, indicating the score or rating was assigned by the site's AI analysis rather than taken from an official source.

CWE-280 (Improper Handling of Insufficient Permissions or Privileges) is a common weakness category; this platform has collected 117 CVE vulnerabilities associated with it.