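Summary of 27 CVE vulnerabilities in the CWE-282 (Improper Ownership Management) weakness class, with AI analysis in Chinese.
CWE-282 is a privilege-management flaw in which a system assigns ownership of an object incorrectly or fails to verify it. Attackers often exploit this weakness to tamper with resource ownership, thereby bypassing access control to gain unauthorized privileges or perform privileged operations. Developers should implement strict authentication so that ownership-change requests come from a legitimate principal, and should check the resource's current owner before critical operations, to prevent ownership from being maliciously hijacked.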
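
```python
import os
import signal

# No ownership check: any caller can kill any process ID.
def killProcess(processID):
    os.kill(processID, signal.SIGKILL)
```

```python
import os
import signal

# With an ownership check. getCurrentUser() and getProcessOwner() are
# helper functions that this snippet assumes are defined elsewhere.
def killProcess(processID):
    user = getCurrentUser()
    # Check process owner against requesting user
    if getProcessOwner(processID) == user:
        os.kill(processID, signal.SIGKILL)
        return
    else:
        print("You cannot kill a process you don't own")
        return
```

| CVE ID | Title | CVSS | Risk level | Published |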
|---|---|---|---|---|
| CVE-2026-40214 | OpenStack Cyborg security vulnerability — Cyborg | 6.3 | Medium | 2026-05-07 |
| CVE-2026-3867 | Moxa EDR-8010 Series and Moxa EDR-G9010 Series security vulnerability — EDR-8010 Series | 5.3 (AI) | Medium (AI) | 2026-04-27 |
| CVE-2026-23514 | Kiteworks Core security vulnerability — core | 8.8 | High | 2026-03-25 |
| CVE-2025-57732 | JetBrains TeamCity security vulnerability — TeamCity | 7.5 | High | 2025-08-20 |
| CVE-2025-1112 | IBM OpenPages with Watson security vulnerability — OpenPages with Watson | 4.3 | Medium | 2025-07-09 |
| CVE-2025-46416 | Nix, Lix and GNU Guix security vulnerability — Nix | 2.9 | Low | 2025-06-27 |
| CVE-2025-3629 | IBM InfoSphere Information Server security vulnerability — InfoSphere Information Server | 4.3 | Medium | 2025-06-21 |
| CVE-2025-32946 | PeerTube security vulnerability | 5.3 | Medium | 2025-04-15 |
| CVE-2025-32945 | PeerTube security vulnerability | 4.3 | Medium | 2025-04-15 |
| CVE-2025-27254 | GE Vernova EnerVista UR authorization issue vulnerability — EnerVista UR Setup | 8.0 | High | 2025-03-10 |
| CVE-2024-13249 | Drupal security vulnerability — Node Access Rebuild Progressive | 8.1 | - | 2025-01-09 |
| CVE-2024-13246 | Drupal security vulnerability — Node Access Rebuild Progressive | 8.1 | - | 2025-01-09 |
| CVE-2024-43176 | IBM OpenPages security vulnerability — OpenPages | 5.4 | Medium | 2025-01-09 |
| CVE-2024-47816 | ImportDump security vulnerability — ImportDump | 6.4 | Medium | 2024-10-09 |
| CVE-2024-39755 | Veertu Anka Build security vulnerability — Anka Build | 7.8 | High | 2024-10-03 |
| CVE-2024-8949 | Online Eyewear Shop security vulnerability — Online Eyewear Shop | 6.3 | Medium | 2024-09-17 |
| CVE-2024-45104 | Lenovo XClarity Administrator security vulnerability — XClarity Administrator | 6.3 | Medium | 2024-09-13 |
| CVE-2024-45103 | Lenovo XClarity Administrator security vulnerability — XClarity Administrator | 4.3 | Medium | 2024-09-13 |
| CVE-2024-37999 | Medicalis Workflow Orchestrator security vulnerability — Medicalis Workflow Orchestrator | 7.8 | High | 2024-07-08 |
| CVE-2024-3383 | Palo Alto Networks PAN-OS security vulnerability — PAN-OS | 7.4 | High | 2024-04-10 |
| CVE-2023-7226 | meetyoucrop big-whale security vulnerability — big-whale | 6.3 | Medium | 2024-01-11 |
| CVE-2023-0989 | GitLab security vulnerability — GitLab | 4.3 | Medium | 2023-09-29 |
| CVE-2023-0386 | Linux kernel security vulnerability — Kernel | 7.8 | - | 2023-03-22 |
| CVE-2022-29187 | GitHub Git code issue vulnerability — git | 7.8 | High | 2022-07-12 |
| CVE-2022-0026 | Palo Alto Networks Cortex XDR Agent security vulnerability — Cortex XDR Agent | 6.7 | Medium | 2022-05-11 |
| CVE-2020-10632 | Emerson Electric OpenEnterprise security vulnerability — OpenEnterprise SCADA Software | 8.8 | High | 2022-02-24 |
| CVE-2017-12189 | Red Hat JBoss Enterprise Application Platform security vulnerability — Red Hat JBoss Enterprise Application Platform | 7.8 | - | 2018-01-10 |

CWE-282 (Improper Ownership Management) is a common weakness category; this platform lists 27 CVE vulnerabilities associated with it.