Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1000 CNY

100.0%
Buy Us a Coffee

CWE-284 (访问控制不恰当) — Vulnerability Class 2041

2041 vulnerabilities classified as CWE-284 (访问控制不恰当). AI Chinese analysis included.

CVE IDTitleCVSSSeverityPublished
CVE-2025-10072 Portabilis i-Educar enturmar access control — i-Educar 6.3 Medium2025-09-07
CVE-2025-10071 Portabilis i-Educar cancelar-enturmacao-em-lote access control — i-Educar 6.3 Medium2025-09-07
CVE-2025-10070 Portabilis i-Educar enturmacao-em-lote access control — i-Educar 6.3 Medium2025-09-07
CVE-2025-53791 Microsoft Edge (Chromium-based) Security Feature Bypass Vulnerability — Microsoft Edge (Chromium-based) 4.7 Medium2025-09-05
CVE-2025-10013 Portabilis i-Educar exportacao-para-o-seb access control — i-Educar 6.3 Medium2025-09-05
CVE-2025-55238 Dynamics 365 FastTrack Implementation Assets Information Disclosure Vulnerability — Dynamics 365 FastTrack Implementation 7.5 High2025-09-04
CVE-2025-54914 Azure Networking Elevation of Privilege Vulnerability — Networking 10.0 Critical2025-09-04
CVE-2025-55244 Azure Bot Service Elevation of Privilege Vulnerability — Azure Bot Service 9.0 Critical2025-09-04
CVE-2025-20335 Cisco Desk Phone 9800 Series, IP Phone 7800 and 8800 Series, and Video Phone 8875 with SIP Firmware Information Arbitrary File Write Vulnerability — Cisco Session Initiation Protocol (SIP) Software 5.3 Medium2025-09-03
CVE-2025-57758 Contao has improper access control in the back end voters — contao 4.3 Medium2025-08-28
CVE-2025-55741 unopim/unopim allows unauthorized product deletion via mass-delete endpoint — unopim 8.1 High2025-08-22
CVE-2025-53763 Azure Databricks Elevation of Privilege Vulnerability — Microsoft Purview Data Governance 9.8 Critical2025-08-21
CVE-2025-7051 N-central Syslog Configuration Insecure Direct Object Reference — N-central 8.3 High2025-08-21
CVE-2025-20131 Cisco Identity Services Engine Arbitrary File Upload Vulnerability — Cisco Identity Services Engine Software 4.9 Medium2025-08-20
CVE-2025-4962 IDOR Vulnerability in Template Creation via `projectId` Manipulation in lunary-ai/lunary — lunary-ai/lunary 4.3AIMediumAI2025-08-18
CVE-2017-20199 Buttercup buttercup-browser-extension Vault access control — buttercup-browser-extension 3.1 Low2025-08-15
CVE-2025-20219 Cisco Secure Firewall Adaptive Security Appliance and Secure Firewall Threat Defense Software Access Control Bypass Vulnerability — Cisco Adaptive Security Appliance (ASA) Software 5.3 Medium2025-08-14
CVE-2025-48861 BOSCH ctrlX OS 安全漏洞 — ctrlX OS - Setup 5.3 Medium2025-08-14
CVE-2025-48860 Bosch Rexroth ctrlX OS 安全漏洞 — ctrlX OS - Setup 8.0 High2025-08-14
CVE-2025-55196 External Secrets Operator Missing Namespace Restriction in PushSecret and SecretStore List() Calls Allows Unauthorized Secret Access — external-secrets 6.8AIMediumAI2025-08-13
CVE-2025-49707 Azure Virtual Machines Spoofing Vulnerability — DCadsv5-series Azure VM 7.9 High2025-08-12
CVE-2025-24999 Microsoft SQL Server Elevation of Privilege Vulnerability — Microsoft SQL Server 2016 Service Pack 3 (GDR) 8.8 High2025-08-12
CVE-2025-53729 Microsoft Azure File Sync Elevation of Privilege Vulnerability — Azure File Sync 7.8 High2025-08-12
CVE-2025-8795 LitmusChaos Litmus login access control — Litmus 6.3 Medium2025-08-10
CVE-2025-46391 Emby MediaBrowser 访问控制错误漏洞 — MediaBrowser 6.5 Medium2025-08-06
CVE-2025-27062 Improper Access Control in Automotive Multimedia — Snapdragon 7.8 High2025-08-06
CVE-2025-54871 Electron Capture is Vulnerable to TCC Bypass via Misconfigured Node Fuses (macOS) — electroncapture 5.5 Medium2025-08-05
CVE-2025-23277 NVIDIA GPU Display Driver 访问控制错误漏洞 — GPU Display Drivers 7.3 High2025-08-02
CVE-2025-53113 GLPI technicians can access unauthorized information through external links — glpi 2.7 Low2025-07-30
CVE-2025-53112 GLPI's incomprehensive permission checks can lead to data removal from allowed users — glpi 4.3 Medium2025-07-30

Vulnerabilities classified as CWE-284 (访问控制不恰当) represent 2041 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.