CWE-284 (Improper Access Control) — Vulnerability Class 2044

2044 vulnerabilities classified as CWE-284 (Improper Access Control). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-0551 | Download and export of file via default user role — mintplex-labs/anything-llm | 7.1 | - | 2024-02-27 |
| CVE-2024-24568 | Suricata http2: header handling evasion — suricata | 5.3 | Medium | 2024-02-26 |
| CVE-2024-1823 | CodeAstro Simple Voting System Backend users.php access control — Simple Voting System | 5.3 | Medium | 2024-02-23 |
| CVE-2024-1053 | Event Tickets and Registration <= 5.8.1 - Missing Authorization — Event Tickets and Registration | 4.3 | Medium | 2024-02-22 |
| CVE-2024-20325 | Cisco Unified Intelligence Center security vulnerability — Cisco Unified Intelligence Center | 5.1 | Medium | 2024-02-21 |
| CVE-2024-1701 | keerti1924 PHP-MYSQL-User-Login-System edit.php access control — PHP-MYSQL-User-Login-System | 5.3 | Medium | 2024-02-21 |
| CVE-2024-1294 | Sunshine Photo Cart: Free Client Galleries for Photographers <= 3.0.24 - Unauthenticated Sensitive Information Exposure via Invoice — Sunshine Photo Cart – Client Photo Gallery & Photo Proofing for Photographers | 5.3 | Medium | 2024-02-20 |
| CVE-2024-1288 | Schema & Structured Data for WP & AMP <= 1.26 - Missing Authorization to reCaptcha Key Modification — Schema & Structured Data for WP & AMP | 4.3 | Medium | 2024-02-20 |
| CVE-2024-0978 | My Private Site <= 3.0.14 - Improper Access Control to Sensitive Information Exposure via REST API — My Private Site | 5.3 | Medium | 2024-02-20 |
| CVE-2024-1472 | WP Maintenance <= 6.1.6 - Information Exposure — WP Maintenance | 5.3 | Medium | 2024-02-20 |
| CVE-2024-1492 | WPify Woo Czech <= 4.0.8 - Missing Authorization — WPify Woo Czech | 5.3 | Medium | 2024-02-20 |
| CVE-2024-1475 | Coming Soon Maintenance Mode <= 1.0.5 - Information Exposure — Coming Soon Maintenance Mode | 5.3 | Medium | 2024-02-20 |
| CVE-2024-1044 | Customer Reviews for WooCommerce <= 5.38.10 - Improper Authorization via submit_review — Customer Reviews for WooCommerce | 5.3 | Medium | 2024-02-20 |
| CVE-2023-50257 | Disconnect Vulnerability in RTPS Packets Used by SROS2 — Fast-DDS | 9.7 | Critical | 2024-02-19 |
| CVE-2024-25981 | Msa-24-0004: forum export did not respect activity group settings | 4.3 | Medium | 2024-02-19 |
| CVE-2024-25980 | Msa-24-0003: h5p attempts report did not respect activity group settings | 4.3 | Medium | 2024-02-19 |
| CVE-2024-1343 | Weak permission vulnerability in LaborOfficeFree — LaborOfficeFree | 4.7 | Medium | 2024-02-19 |
| CVE-2023-39244 | Dell Enterprise Storage Integrator access control error vulnerability — ESI (Enterprise Storage Integrator) for SAP LAMA | 7.3 | High | 2024-02-15 |
| CVE-2023-44283 | Dell SupportAssist for Home PCs access control error vulnerability — SupportAssist for Home PCs | 7.8 | High | 2024-02-14 |
| CVE-2024-24751 | Broken Access Control in Backend Module in sf_event_mgt — sf_event_mgt | 4.3 | Medium | 2024-02-13 |
| CVE-2024-21376 | Microsoft Azure Kubernetes Service Confidential Container Remote Code Execution Vulnerability — Azure Kubernetes Service | 9.0 | Critical | 2024-02-13 |
| CVE-2024-21364 | Microsoft Azure Site Recovery Elevation of Privilege Vulnerability — Azure Site Recovery | 9.3 | Critical | 2024-02-13 |
| CVE-2024-20695 | Skype for Business Information Disclosure Vulnerability — Skype for Business Server 2019 CU7 | 5.7 | Medium | 2024-02-13 |
| CVE-2024-21401 | Microsoft Entra Jira Single-Sign-On Plugin Elevation of Privilege Vulnerability — Entra | 9.8 | Critical | 2024-02-13 |
| CVE-2024-1439 | Inadequate access control vulnerability in Moodle — LMS | 6.5 | Medium | 2024-02-12 |
| CVE-2024-24776 | Incorrect Authorization leads to Channel Member Count Leak — Mattermost | 3.1 | Low | 2024-02-09 |
| CVE-2024-25106 | OpenObserve Unauthorized Access Vulnerability in Users API — openobserve | 9.1 | Critical | 2024-02-08 |
| CVE-2024-0965 | Simple Page Access Restriction <= 1.0.21 - Improper Access Control to Sensitive Information Exposure via REST API — Simple Page Access Restriction | 5.3 | Medium | 2024-02-08 |
| CVE-2024-24824 | graylog2-server vulnerable to instantiation of arbitrary classes triggered by API request — graylog2-server | 8.8 | High | 2024-02-07 |
| CVE-2024-24771 | Open Forms potential multi-factor authentication bypass — open-forms | 7.7 | High | 2024-02-07 |

Vulnerabilities classified as CWE-284 (Improper Access Control) represent 2044 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.