CWE-280 (Improper Handling of Insufficient Permissions or Privileges) — Vulnerability Class 106

106 vulnerabilities classified as CWE-280 (Improper Handling of Insufficient Permissions or Privileges). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-29826 | Microsoft Dataverse Elevation of Privilege Vulnerability — Microsoft Dataverse | 7.3 | High | 2025-05-13 |
| CVE-2025-46740 | Improper Handling of Insufficient Permissions — SEL Blueframe OS | 7.5 | High | 2025-05-12 |
| CVE-2025-46584 | Huawei HarmonyOS Security Vulnerability — HarmonyOS | 7.8 | High | 2025-05-06 |
| CVE-2025-31173 | Huawei HarmonyOS Security Vulnerability — HarmonyOS | 8.8 | High | 2025-04-07 |
| CVE-2025-31172 | Huawei HarmonyOS Security Vulnerability — HarmonyOS | 7.8 | High | 2025-04-07 |
| CVE-2025-0468 | GPU DDK - ui64RobustnessAddress can overwrite Freelist / HWRT (and bypass PMMETA) — Graphics DDK | 5.5 (AI) | Medium (AI) | 2025-04-04 |
| CVE-2024-55604 | Appsmith's Broken Access Control Allows Viewer Role User to Query Datasources — appsmith | 6.5 (AI) | Medium (AI) | 2025-03-25 |
| CVE-2024-8315 | Improper Handling of Insufficient Permissions or Privileges in B&R APROL — B&R APROL | 5.5 (AI) | Medium (AI) | 2025-03-25 |
| CVE-2025-0478 | GPU DDK - PMMETA_PROTECT PMR can be exported as dma-buf file / GEM object — Graphics DDK | 5.5 (AI) | Medium (AI) | 2025-03-24 |
| CVE-2024-51459 | IBM InfoSphere Server Information command execution — InfoSphere Information Server | 8.4 | High | 2025-03-19 |
| CVE-2025-27521 | Huawei HarmonyOS Security Vulnerability — HarmonyOS | 6.8 | Medium | 2025-03-04 |
| CVE-2025-20649 | MediaTek Chipsets Security Vulnerability — MT6880, MT6890, MT6980, MT6990, MT7663, MT7902, MT7925, MT7927, MT7961 | 6.5 | - | 2025-03-03 |
| CVE-2024-6697 | Hitachi Vantara Pentaho Business Analytics Server - Improper Handling of Insufficient Permissions or Privileges — Pentaho Data Integration & Analytics | 6.5 | Medium | 2025-02-19 |
| CVE-2025-22129 | Initial effort field does not respect field permissions in the Taskboard REST card representation in Tuleap — tuleap | 4.3 | Medium | 2025-02-03 |
| CVE-2025-24029 | Artifact permissions are not verified in the Cross Tracker Search widget in Tuleap — tuleap | 5.3 | Medium | 2025-02-03 |
| CVE-2024-12430 | ABB AC500 Security Vulnerability — AC500 V3 | 7.0 | High | 2025-01-07 |
| CVE-2025-22395 | Dell Update Package Framework Security Vulnerability — Dell Update Package (DUP) Framework | 8.2 | High | 2025-01-07 |
| CVE-2024-43705 | GPU DDK - Security: Exploitable PVRSRVBridgePhysmemWrapExtMem may lead to overwrite read-only file/memory (e.g. libc.so) — Graphics DDK | 7.1 | - | 2024-12-28 |
| CVE-2024-42194 | HCL BigFix Inventory is affected by an access control vulnerability — BigFix Inventory | 3.1 | Low | 2024-12-17 |
| CVE-2024-46874 | Ruijie Reyee OS Improper Handling of Insufficient Permissions or Privileges — Reyee OS | 8.1 | High | 2024-12-06 |
| CVE-2024-43702 | GPU DDK - MLIST/PM render state buffers writable allowing arbitrary writes to kernel memory pages — Graphics DDK | 7.8 | - | 2024-11-30 |
| CVE-2024-4692 | Multiple missing permission checks — OpenText Application Automation Tools | 4.3 (AI) | Medium (AI) | 2024-10-16 |
| CVE-2024-4211 | Multiple missing permission checks — OpenText Application Automation Tools | 4.3 (AI) | Medium (AI) | 2024-10-16 |
| CVE-2024-47767 | Tuleap lists trackers in the quick add actions of the backlog without any permissions check — tuleap | 4.3 | Medium | 2024-10-14 |
| CVE-2024-47766 | Permissions are incorrectly verified for project administrators in the cross tracker search widget — tuleap | 4.9 | Medium | 2024-10-14 |
| CVE-2024-46988 | Tuleap does not properly check permissions for email notifications in trackers — tuleap | 4.8 | Medium | 2024-10-14 |
| CVE-2024-6660 | BookingPress – Appointment Booking Calendar Plugin and Online Scheduling Plugin <= 1.1.5 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update and Arbitrary File Upload — Appointment Booking Calendar Plugin and Scheduling Plugin – BookingPress | 8.8 | High | 2024-07-17 |
| CVE-2024-39691 | Malicious Matrix homeserver can leak truncated message content of messages it shouldn't have access to — matrix-appservice-irc | 4.3 | Medium | 2024-07-05 |
| CVE-2024-6302 | Improper Handling of Insufficient Permissions or Privileges in Conduit — Conduit | 8.1 | High | 2024-06-25 |
| CVE-2024-4468 | Salon booking system <= 9.9 - Missing Authorization — Salon Booking System – Free Version | 4.3 | Medium | 2024-06-08 |

Vulnerabilities classified as CWE-280 (Improper Handling of Insufficient Permissions or Privileges) represent 106 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.