CWE-285 (Improper Authorization) — Vulnerability Class 970

970 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-43706 | Kibana Improper Authorization — Kibana | 7.6 | High | 2025-06-10 |
| CVE-2025-43585 | Adobe Commerce \| Improper Authorization (CWE-285) — Adobe Commerce | 8.2 | High | 2025-06-10 |
| CVE-2025-5522 | jack0240 魏 bskms 蓝天幼儿园管理系统 User Creation addUser improper authorization — bskms 蓝天幼儿园管理系统 | 7.3 | High | 2025-06-03 |
| CVE-2025-5511 | quequnlong shiyi-blog photos improper authorization — shiyi-blog | 5.3 | Medium | 2025-06-03 |
| CVE-2025-3454 | Grafana security vulnerability — Grafana | 5.0 | Medium | 2025-06-02 |
| CVE-2025-4631 | Profitori 2.0.6.0 - 2.1.1.3 - Missing Authorization to Unauthenticated Privilege Escalation via stocktend_object Endpoint — The E-Commerce ERP: Purchasing, Inventory, Fulfillment, Manufacturing, BOM, Accounting, Sales Analysis | 9.8 | Critical | 2025-05-31 |
| CVE-2025-4672 | Offsprout Page Builder 2.2.1 - 2.15.2 - Authenticated (Contributor+) Privilege Escalation via permission_callback Function — Offsprout Page Builder | 8.8 | High | 2025-05-31 |
| CVE-2025-4103 | WP-GeoMeta 0.3.4 - 0.3.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via wp_ajax_wpgm_start_geojson_import Function — WP-GeoMeta | 8.8 | High | 2025-05-31 |
| CVE-2025-5175 | erdogant pypickle pypickle.py save improper authorization — pypickle | 5.3 | Medium | 2025-05-26 |
| CVE-2025-48371 | OpenFGA Authorization Bypass — openfga | 9.8 AI | Critical AI | 2025-05-22 |
| CVE-2025-48063 | XWiki Platform Security Authorization Bridge allows users with just edit right can enforce required rights with programming right — xwiki-platform | 7.1 AI | High AI | 2025-05-21 |
| CVE-2025-4819 | y_project RuoYi Offline Logout batchForceLogout improper authorization — RuoYi | 3.1 | Low | 2025-05-17 |
| CVE-2025-4474 | Frontend Dashboard 1.0 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation via fed_admin_setting_form_function Function — Frontend Dashboard | 8.8 | High | 2025-05-13 |
| CVE-2025-4473 | Frontend Dashboard 1.5.10 - 2.2.7 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via ajax_request Function — Frontend Dashboard | 8.8 | High | 2025-05-13 |
| CVE-2025-29827 | Azure Automation Elevation of Privilege Vulnerability — Azure Automation | 9.9 | Critical | 2025-05-08 |
| CVE-2025-4104 | Frontend Dashboard 1.0 - 2.2.6 - Missing Authorization to Unauthenticated Privilege Escalation via fed_wp_ajax_fed_login_form_post Function — Frontend Dashboard | 9.8 | Critical | 2025-05-07 |
| CVE-2025-3921 | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Limited Unauthenticated Arbitrary User Meta Update via handel_ajax_req Function — PeproDev Ultimate Profile Solutions | 8.2 | High | 2025-05-07 |
| CVE-2025-3924 | PeproDev Ultimate Profile Solutions 1.9.1 - 7.5.2 - Missing Authorization to Unauthenticated Email Enumeration — PeproDev Ultimate Profile Solutions | 5.3 | Medium | 2025-05-07 |
| CVE-2025-3918 | Job Listings 0.1 - 0.1.1 - Unauthenticated Privilege Escalation via register_action Function — Job Listings | 9.8 | Critical | 2025-05-03 |
| CVE-2025-4136 | Weitong Mall Sale Endpoint improper authorization — Mall | 5.4 | Medium | 2025-04-30 |
| CVE-2025-30390 | Azure ML Compute Elevation of Privilege Vulnerability — Azure Machine Learning | 9.9 | Critical | 2025-04-30 |
| CVE-2025-30392 | Azure AI Bot Elevation of Privilege Vulnerability — Azure AI Bot Service | 9.8 | Critical | 2025-04-30 |
| CVE-2025-30389 | Azure Bot Framework SDK Elevation of Privilege Vulnerability — Azure AI Bot Service | 8.7 | High | 2025-04-30 |
| CVE-2025-32972 | The lesscss script service allows cache clearing without programming right — xwiki-platform | 2.7 | Low | 2025-04-30 |
| CVE-2025-4017 | 20120630 Novel-Plus LogController.java list improper authorization — Novel-Plus | 4.3 | Medium | 2025-04-28 |
| CVE-2025-4016 | 20120630 Novel-Plus LogController.java deleteIndex improper authorization — Novel-Plus | 5.4 | Medium | 2025-04-28 |
| CVE-2025-3981 | wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System details improper authorization — Internet Doctor Workstation System | 4.3 | Medium | 2025-04-27 |
| CVE-2025-3980 | wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System list improper authorization — Internet Doctor Workstation System | 4.3 | Medium | 2025-04-27 |
| CVE-2025-3977 | iteachyou Dreamer CMS Attachment download improper authorization — Dreamer CMS | 4.3 | Medium | 2025-04-27 |
| CVE-2025-3967 | itwanger paicoding Article post improper authorization — paicoding | 5.4 | Medium | 2025-04-27 |

970 CVEs are classified as CWE-285 (Improper Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.