CWE-284 (Improper Access Control) — Vulnerability Class 2041

2041 vulnerabilities classified as CWE-284 (Improper Access Control). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-64897 | ColdFusion \| Improper Access Control (CWE-284) — ColdFusion | 5.6 | Medium | 2025-12-09 |
| CVE-2025-62570 | Windows Camera Frame Server Monitor Information Disclosure Vulnerability — Windows 11 Version 24H2 | 7.1 | High | 2025-12-09 |
| CVE-2025-62474 | Windows Remote Access Connection Manager Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.8 | High | 2025-12-09 |
| CVE-2025-59517 | Windows Storage VSP Driver Elevation of Privilege Vulnerability — Windows 10 Version 1607 | 7.8 | High | 2025-12-09 |
| CVE-2025-64673 | Windows Storage VSP Driver Elevation of Privilege Vulnerability — Windows 10 Version 1809 | 7.8 | High | 2025-12-09 |
| CVE-2025-59810 | Fortinet FortiSOAR PaaS and Fortinet FortiSOAR on-premise access control error vulnerability — FortiSOAR on-premise | 6.2 | Medium | 2025-12-09 |
| CVE-2025-59923 | Fortinet FortiAuthenticator access control error vulnerability — FortiAuthenticator | 2.6 | Low | 2025-12-09 |
| CVE-2025-40939 | Siemens SIMATIC CN 4100 access control error vulnerability — SIMATIC CN 4100 | 4.6 | Medium | 2025-12-09 |
| CVE-2025-66557 | Nextcloud Deck app allowed user with "Can share" permission to modify permissions of other non-owners — security-advisories | 5.4 | Medium | 2025-12-05 |
| CVE-2025-14086 | youlaitech youlai-mall openid access control — youlai-mall | 6.3 | Medium | 2025-12-05 |
| CVE-2025-14052 | youlaitech youlai-mall members getMemberById access control — youlai-mall | 6.3 | Medium | 2025-12-05 |
| CVE-2025-66509 | LaraDashboard: 1-Click Pre-Auth RCE via Host Header + Module Installation Chain — laradashboard | 9.8 (AI) | Critical (AI) | 2025-12-04 |
| CVE-2025-65097 | Insecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User Collections — romm | 6.5 (AI) | Medium (AI) | 2025-12-03 |
| CVE-2025-65096 | RomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private Collections — romm | 6.5 (AI) | Medium (AI) | 2025-12-03 |
| CVE-2025-55749 | The XWiki Jetty package (XJetty) allows accessing any application file through URL — xwiki-platform | 7.5 (AI) | High (AI) | 2025-12-01 |
| CVE-2025-64715 | Cilium with misconfigured toGroups in policies can lead to unrestricted egress traffic — cilium | 4.0 | Medium | 2025-11-29 |
| CVE-2025-66028 | OneUptime is Vulnerable to Privilege Escalation via Login Response Manipulation — oneuptime | 8.8 (AI) | High (AI) | 2025-11-26 |
| CVE-2025-65963 | CFiles Unauthorized Folder/ZIP Access in Public Spaces — cfiles | 5.4 | Medium | 2025-11-25 |
| CVE-2025-64483 | Wazuh API – Agent Configuration Has Improper Access Control in Agent Enrollment Endpoint — wazuh-dashboard-plugins | 8.8 | - | 2025-11-21 |
| CVE-2025-64660 | GitHub Copilot and Visual Studio Code Remote Code Execution Vulnerability — Visual Studio Code | 8.0 | High | 2025-11-20 |
| CVE-2025-13443 | macrozheng mall delete access control — mall | 5.4 | Medium | 2025-11-20 |
| CVE-2025-53360 | pluginsGLPI's Database Inventory Plugin allows any authenticated user to send agent requests — databaseinventory | 4.3 | Medium | 2025-11-18 |
| CVE-2025-41737 | Improper access control via php endpoint — Energy-Controlling EWIO2-M | 7.5 | High | 2025-11-18 |
| CVE-2025-13250 | WeiYe-Jing datax-web Job triggerJob access control — datax-web | 6.3 | Medium | 2025-11-16 |
| CVE-2025-12182 | Qi Blocks <= 1.4.3 - Missing Authorization to Arbitrary Attachment Resize — Qi Blocks | 4.3 | Medium | 2025-11-15 |
| CVE-2025-64746 | Directus has Improper Permission Handling on Deleted Fields — directus | 4.6 | Medium | 2025-11-13 |
| CVE-2025-46362 | Dell Alienware Command Center access control error vulnerability — Alienware Command Center 6.x (AWCC) | 6.6 | Medium | 2025-11-13 |
| CVE-2025-20341 | Cisco Catalyst Center Privilege Escalation Vulnerability — Cisco Digital Network Architecture Center (DNA Center) | 8.8 | High | 2025-11-13 |
| CVE-2025-46608 | Dell Data Lakehouse access control error vulnerability — Data Lakehouse | 9.1 | Critical | 2025-11-12 |
| CVE-2025-47179 | Configuration Manager Elevation of Privilege Vulnerability — Microsoft Configuration Manager | 6.7 | Medium | 2025-11-11 |

Vulnerabilities classified as CWE-284 (Improper Access Control) represent 2041 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.