
CWE-284 (Improper Access Control) — Vulnerability Class 2041

2041 vulnerabilities classified as CWE-284 (Improper Access Control). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-23496 | Pimcore Web2Print Tools Bundle "Favourite Output Channel Configuration" Missing Function Level Authorization — pimcore | 5.4 | Medium | 2026-01-15 |
| CVE-2026-23494 | Pimcore is Missing Function Level Authorization on "Static Routes" Listing — pimcore | 4.3 | Medium | 2026-01-15 |
| CVE-2026-23495 | Pimcore's Admin Classic Bundle is Missing Function Level Authorization on "Predefined Properties" Listing — pimcore | 4.3 | Medium | 2026-01-15 |
| CVE-2025-64516 | GLPI incorrectly authorizes access to documents — glpi | 7.5 | High | 2026-01-15 |
| CVE-2025-61973 | Epic Games Store security vulnerability — Epic Games Store | 8.8 | High | 2026-01-15 |
| CVE-2026-22909 | SICK TDC-X401GL security vulnerability — TDC-X401GL | 7.5 | High | 2026-01-15 |
| CVE-2026-21889 | Weblate leaks information via screenshots — weblate | 5.3 AI | Medium AI | 2026-01-14 |
| CVE-2025-14338 | Polkit authentication disabled by default in inputplumber — inputplumber | 8.1 AI | High AI | 2026-01-14 |
| CVE-2026-20949 | Microsoft Excel Security Feature Bypass Vulnerability — Microsoft 365 Apps for Enterprise | 7.8 | High | 2026-01-13 |
| CVE-2026-20929 | Windows HTTP.sys Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.5 | High | 2026-01-13 |
| CVE-2026-20843 | Windows Routing and Remote Access Service (RRAS) Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.8 | High | 2026-01-13 |
| CVE-2026-20839 | Windows Client-Side Caching (CSC) Service Information Disclosure Vulnerability — Windows 10 Version 1607 | 5.5 | Medium | 2026-01-13 |
| CVE-2026-20825 | Windows Hyper-V Information Disclosure Vulnerability — Windows 10 Version 1809 | 4.4 | Medium | 2026-01-13 |
| CVE-2026-0386 | Windows Deployment Services Remote Code Execution Vulnerability — Windows Server 2008 R2 Service Pack 1 | 7.5 | High | 2026-01-13 |
| CVE-2026-22605 | OpenProject is Vulnerable to Insecure Direct Object Reference in Meetings — openproject | 4.3 | Medium | 2026-01-10 |
| CVE-2026-21694 | Titra APIs have Improper Access Control — titra | 6.8 | Medium | 2026-01-07 |
| CVE-2026-21447 | Bagisto has IDOR in Customer Order Reorder Functionality — bagisto | 7.1 | High | 2026-01-02 |
| CVE-2025-69284 | In plane.io, a Guest User to a Workspace can still be able to see list of members — plane | 4.3 | Medium | 2026-01-02 |
| CVE-2025-15086 | youlaitech youlai-mall MemberController.java getMemberByMobile access control — youlai-mall | 4.3 | Medium | 2025-12-25 |
| CVE-2025-15084 | youlaitech youlai-mall Order Payment OrderController.java orderService.payOrder access control — youlai-mall | 3.1 | Low | 2025-12-25 |
| CVE-2025-64400 | Insufficient permission checks when pre-enrolling users Summary — com.palantir.controlpanel:control-panel | 4.1 | Medium | 2025-12-18 |
| CVE-2025-66397 | ChurchCRM's Kiosk Manager Functions are vulnerable to Broken Access Control — CRM | 8.3 | High | 2025-12-17 |
| CVE-2025-14095 | Privilege boundary violation in Radiometer Products — ABL90 FLEX and ABL90 FLEX PLUS Analyzers | 5.7 | Medium | 2025-12-17 |
| CVE-2025-11901 | ASUS Motherboards security vulnerability — B460 series | 4.6 AI | Medium AI | 2025-12-17 |
| CVE-2025-14749 | Ningyuanda TC155 ONVIF PTZ Control device_service access control — TC155 | 6.3 | Medium | 2025-12-16 |
| CVE-2025-14748 | Ningyuanda TC155 ONVIF Device Management Service device_service access control — TC155 | 5.4 | Medium | 2025-12-16 |
| CVE-2025-67715 | Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR) — weblate | 4.3 | Medium | 2025-12-16 |
| CVE-2025-14660 | DecoCMS Mesh Workspace Domain api.ts createTool access control — Mesh | 5.6 | Medium | 2025-12-14 |
| CVE-2025-64669 | Windows Admin Center Elevation of Privilege Vulnerability — Windows Admin Center | 7.8 | High | 2025-12-11 |
| CVE-2025-14082 | Keycloak-services: keycloak admin rest api: improper access control leads to sensitive role metadata information disclosure — Red Hat build of Keycloak 26.4 | 2.7 | Low | 2025-12-10 |

Vulnerabilities classified as CWE-284 (Improper Access Control) represent 2041 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.