CWE-284 (访问控制不恰当) — Vulnerability Class 2041

2041 vulnerabilities classified as CWE-284 (访问控制不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-11646	Tomofun Furbo 360/Furbo Mini GATT Service access control — Furbo 360	6.3	Medium	2025-10-12
CVE-2025-11641	Tomofun Furbo 360/Furbo Mini Trial Restriction access control — Furbo 360	3.9	Low	2025-10-12
CVE-2025-62159	External Secrets Operator's BeyondTrust Provider has Insecure Secret Retrieval — external-secrets	9.8^AI	Critical^AI	2025-10-10
CVE-2025-59218	Azure Entra ID Elevation of Privilege Vulnerability — Microsoft Entra	9.6	Critical	2025-10-09
CVE-2025-11440	JhumanJ OpnForm edit access control — OpnForm	4.3	Medium	2025-10-08
CVE-2025-11281	Frappe LMS Unpublished Course courses access control — LMS	5.0	Medium	2025-10-05
CVE-2025-58055	Discourse AI Suggestions Contain Insecure Direct Object Reference — discourse	4.3	Medium	2025-10-01
CVE-2023-50300	IBM Transformation Extender Advanced improper access control — Transformation Extender Advanced	5.1	Medium	2025-10-01
CVE-2025-20366	Improper Access Control in Background Job Submission in Splunk Enterprise — Splunk Enterprise	6.5	Medium	2025-10-01
CVE-2025-11163	SmartCrawl SEO checker, analyzer & optimizer <= 3.14.3 - Missing Authorization to Plugin Settings Update — SmartCrawl SEO checker, analyzer & optimizer	4.3	Medium	2025-09-30
CVE-2025-54875	FreshRSS: Unauthorized creation of admin user when registration is enabled — FreshRSS	9.8	Critical	2025-09-29
CVE-2025-54591	FreshRSS: Unauthenticated users can view default user's information — FreshRSS	7.5	High	2025-09-29
CVE-2025-36351	IBM License Metric Tool bypass security — License Metric Tool	4.3	Medium	2025-09-29
CVE-2025-59932	FlagForgeCTF Unauthenticated Resource Modification/Deletion — flagForge	8.6	High	2025-09-27
CVE-2025-59422	Dify Has Broken Access Control on Log Message Endpoint Allows Reading of Chats of Others — dify	4.3^AI	Medium^AI	2025-09-25
CVE-2025-10957	Unrestricted FTP Access Vulnerability in Syrotech Router — Syrotech SY-GPON-2010-WADONT	9.8^AI	Critical^AI	2025-09-25
CVE-2025-48869	Horilla Unauthorized Access to Candidate Resume Files Due to Broken Access Control — horilla	7.5	High	2025-09-24
CVE-2025-20316	Cisco IOS XE 访问控制错误漏洞 — Cisco IOS XE Software	5.3	Medium	2025-09-24
CVE-2025-20339	Cisco SD-WAN vEdge Software Access Control List Bypass Vulnerability — Cisco SD-WAN vEdge Cloud	5.8	Medium	2025-09-24
CVE-2025-7106	Authorization Bypass due to Incorrect Access Control in danny-avila/librechat — danny-avila/librechat	8.1^AI	High^AI	2025-09-23
CVE-2025-5962	Rhel-lightspeed: improper access control in lightspeed history management allows local privilege manipulation — Red Hat Enterprise Linux 10	7.7	High	2025-09-22
CVE-2025-23329	NVIDIA Triton Inference Server 访问控制错误漏洞 — Triton Inference Server	7.5	High	2025-09-17
CVE-2025-10608	Portabilis i-Educar enrollment-history access control — i-Educar	6.3	Medium	2025-09-17
CVE-2025-59333	@executeautomation/database-server does not properly restrict access, bypassing a "read-only" mode — mcp-database-server	8.1	High	2025-09-16
CVE-2025-10491	MongoDB Windows installation MSI may leave ACLs unset on custom installation directories — MongoDB Server	7.8	High	2025-09-15
CVE-2025-10247	JEPaaS Filter doFilterInternal access control — JEPaaS	6.3	Medium	2025-09-11
CVE-2025-20159	Cisco IOS XR Software Management Interface ACL Bypass Vulnerability — Cisco IOS XR Software	5.3	Medium	2025-09-10
CVE-2025-54116	Windows MultiPoint Services Elevation of Privilege Vulnerability — Windows 10 Version 1507	7.3	High	2025-09-09
CVE-2025-54098	Windows Hyper-V Elevation of Privilege Vulnerability — Windows 10 Version 1507	7.8	High	2025-09-09
CVE-2025-49692	Azure Connected Machine Agent Elevation of Privilege Vulnerability — Azure Connected Machine Agent	7.8	High	2025-09-09

Vulnerabilities classified as CWE-284 (访问控制不恰当) represent 2041 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-284 (访问控制不恰当) — Vulnerability Class 2041