CWE-285 (Improper Authorization) — Vulnerability Class 970

970 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-8790 | Portabilis i-Educar API Endpoint pessoa improper authorization — i-Educar | 4.3 | Medium | 2025-08-10 |
| CVE-2025-8756 | TDuckCloud tduck-platform manage preHandle improper authorization — tduck-platform | 6.3 | Medium | 2025-08-09 |
| CVE-2025-54787 | SuiteCRM: Improper Authorization for attachment downloads — SuiteCRM | 3.7 | Low | 2025-08-07 |
| CVE-2025-53792 | Azure Portal Elevation of Privilege Vulnerability — Azure Portal | 9.1 | Critical | 2025-08-07 |
| CVE-2025-8547 | atjiu pybbs Email Verification improper authorization — pybbs | 5.3 | Medium | 2025-08-05 |
| CVE-2025-54868 | LibreChat exposes arbitrary chats through Meilisearch engine — LibreChat | 7.5 | High | 2025-08-05 |
| CVE-2025-54130 | Cursor Agent is vulnerable prompt injection via Editor Special Files — cursor | 7.5 | High | 2025-08-05 |
| CVE-2025-8401 | HT Mega – Absolute Addons For Elementor <= 2.9.1 - Authenticated (Author+) Sensitive Information Exposure — HT Mega Addons for Elementor – Elementor Widgets & Template Builder | 4.3 | Medium | 2025-07-31 |
| CVE-2025-54585 | GitProxy is vulnerable to a new branch approval exploit — git-proxy | 6.5 (AI) | Medium (AI) | 2025-07-30 |
| CVE-2025-53944 | AutoGPT Platform Exposes Graph Execution Results via Authorization Gap — AutoGPT | 7.7 | High | 2025-07-30 |
| CVE-2025-8261 | Vaelsys VaelsysV4 User Creation vgrid_server.php improper authorization — VaelsysV4 | 7.3 | High | 2025-07-28 |
| CVE-2025-54378 | HAX CMS Backend Lacks Comprehensive Authorization Checks — issues | 8.3 | High | 2025-07-26 |
| CVE-2025-7947 | jshERP Account delete improper authorization — jshERP | 5.4 | Medium | 2025-07-22 |
| CVE-2025-49746 | Azure Machine Learning Elevation of Privilege Vulnerability — Azure Machine Learning | 9.9 | Critical | 2025-07-18 |
| CVE-2025-46732 | OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users — opencti | 5.4 | Medium | 2025-07-18 |
| CVE-2024-26291 | Authenticated Arbitrary File Read affecting Avid NEXIS — Avid NEXIS E-series | 6.2 (AI) | Medium (AI) | 2025-07-14 |
| CVE-2025-53709 | Access control issues impacting secure-upload service — com.palantir.secupload:secure-upload | 5.4 | Medium | 2025-07-10 |
| CVE-2025-0928 | Arbitrary executable upload via authenticated endpoint — Juju | 8.8 | High | 2025-07-08 |
| CVE-2025-49701 | Microsoft SharePoint Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 8.8 | High | 2025-07-08 |
| CVE-2025-53532 | giscus allows unauthorized discussion creation — giscus | 5.3 | Medium | 2025-07-07 |
| CVE-2025-6713 | MongoDB Server may be susceptible to privilege escalation due to $mergeCursors stage — MongoDB Server | 7.7 | High | 2025-07-07 |
| CVE-2025-53106 | Graylog vulnerable to privilege escalation through API tokens — graylog2-server | 8.8 (AI) | High (AI) | 2025-07-02 |
| CVE-2025-4654 | Soumettre.fr <= 2.1.5 - Improper Authorization to Unauthenticated Soumettre Posts Creation/Modification/Deletion — Soumettre.fr | 3.7 | Low | 2025-07-02 |
| CVE-2025-6736 | juzaweb CMS Add New Themes Page install improper authorization — CMS | 6.3 | Medium | 2025-06-26 |
| CVE-2025-6735 | juzaweb CMS Import Page imports improper authorization — CMS | 6.3 | Medium | 2025-06-26 |
| CVE-2025-6702 | linlinjava litemall post improper authorization — litemall | 4.3 | Medium | 2025-06-26 |
| CVE-2025-20264 | Cisco Identity Services Engine Authorization Bypass Vulnerability — Cisco Identity Services Engine Software | 6.4 | Medium | 2025-06-25 |
| CVE-2025-6525 | 70mai 1S Configuration Config.cgi improper authorization — 1S | 4.3 | Medium | 2025-06-23 |
| CVE-2025-6099 | szluyu99 gin-vue-blog PATCH Request manager.go improper authorization — gin-vue-blog | 5.3 | Medium | 2025-06-16 |
| CVE-2025-46840 | Adobe Experience Manager \| Improper Authorization (CWE-285) — Adobe Experience Manager | 8.7 | High | 2025-06-10 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 970 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.