CWE-285 (Improper Authorization) — Vulnerability Class 970

970 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-2850 | GL.iNet GL-A1300 Slate Plus Download Interface improper authorization — GL-A1300 Slate Plus | 3.5 | Low | 2025-04-26 |
| CVE-2025-32964 | ManageWiki vulnerable to permission bypass when disabling extensions requiring certain permissions in Special:ManageWiki/extensions — ManageWiki | 4.6 | Medium | 2025-04-22 |
| CVE-2025-3587 | ZeroWdd/code-projects studentmanager getTeacherList improper authorization — studentmanager | 6.3 | Medium | 2025-04-14 |
| CVE-2025-3569 | JamesZBL/code-projects db-hospital-drug ShiroConfig.java improper authorization — db-hospital-drug | 6.3 | Medium | 2025-04-14 |
| CVE-2025-3567 | veal98 小牛肉 Echo 开源社区系统 Ticket LoginTicketInterceptor.java preHandle improper authorization — Echo 开源社区系统 | 4.3 | Medium | 2025-04-14 |
| CVE-2025-3564 | huanfenz/code-projects StudentManager Teacher String improper authorization — StudentManager | 4.3 | Medium | 2025-04-14 |
| CVE-2025-3550 | wowjoy 浙江湖州华卓信息科技有限公司 Internet Doctor Workstation System detail improper authorization — Internet Doctor Workstation System | 4.3 | Medium | 2025-04-14 |
| CVE-2025-3537 | Tutorials-Website Employee Management System update-user.php improper authorization — Employee Management System | 5.3 | Medium | 2025-04-13 |
| CVE-2025-3536 | Tutorials-Website Employee Management System delete-user.php improper authorization — Employee Management System | 6.5 | Medium | 2025-04-13 |
| CVE-2025-29794 | Microsoft SharePoint Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 8.8 | High | 2025-04-08 |
| CVE-2025-30373 | Graylog Authenticated HTTP inputs do ingest message even if Authorization header is missing or has wrong value — graylog2-server | 6.5 | Medium | 2025-04-07 |
| CVE-2025-3202 | ageerle ruoyi-ai SysNoticeController.java improper authorization — ruoyi-ai | 7.3 | High | 2025-04-04 |
| CVE-2025-3199 | ageerle ruoyi-ai API Interface SysModelController.java improper authorization — ruoyi-ai | 7.3 | High | 2025-04-04 |
| CVE-2025-26683 | Azure Playwright Elevation of Privilege Vulnerability — Azure Playwright | 8.1 | High | 2025-03-31 |
| CVE-2025-3014 | Insecure direct object references (IDOR) in NightWolf Penetration Platform — NightWolf Penetration Platform | 8.1 | - | 2025-03-31 |
| CVE-2025-3013 | Insecure direct object references (IDOR) in NightWolf Penetration Platform — NightWolf Penetration Platform | 8.1 | - | 2025-03-31 |
| CVE-2025-2600 | Devolutions Remote Desktop Manager security vulnerability — Remote Desktop Manager | 8.8 (AI) | High (AI) | 2025-03-26 |
| CVE-2025-2528 | Devolutions Remote Desktop Manager security vulnerability — Remote Desktop Manager | 8.8 (AI) | High (AI) | 2025-03-26 |
| CVE-2025-29778 | Kyverno ignores subjectRegExp and IssuerRegExp — kyverno | 5.8 | Medium | 2025-03-24 |
| CVE-2025-2653 | FoxCMS improper authorization — FoxCMS | 4.3 | Medium | 2025-03-23 |
| CVE-2025-2639 | JIZHICMS Article release.html improper authorization — JIZHICMS | 4.3 | Medium | 2025-03-23 |
| CVE-2025-2638 | JIZHICMS Article release.html improper authorization — JIZHICMS | 4.3 | Medium | 2025-03-23 |
| CVE-2025-2637 | JIZHICMS Account Profile Page userinfo.html improper authorization — JIZHICMS | 4.3 | Medium | 2025-03-23 |
| CVE-2025-29927 | Authorization Bypass in Next.js Middleware — next.js | 9.1 | Critical | 2025-03-21 |
| CVE-2025-2589 | code-projects Human Resource Management System Account.go Index improper authorization — Human Resource Management System | 5.5 | Medium | 2025-03-21 |
| CVE-2025-29922 | kcp allows unauthorized creation and deletion of objects in arbitrary workspaces through APIExport Virtual Workspace — kcp | 9.6 | Critical | 2025-03-20 |
| CVE-2025-29926 | The WikiManager REST API allows any user to create wikis — xwiki-platform | 8.8 | - | 2025-03-19 |
| CVE-2025-2397 | China Mobile P22g-CIac Telnet Service improper authorization — P22g-CIac | 2.4 | Low | 2025-03-17 |
| CVE-2025-2360 | D-Link DIR-823G UPnP Service HNAP1 SetUpnpSettings improper authorization — DIR-823G | 7.3 | High | 2025-03-17 |
| CVE-2025-2359 | D-Link DIR-823G DDNS Service HNAP1 SetDDNSSettings improper authorization — DIR-823G | 7.3 | High | 2025-03-17 |

970 CVEs are classified as CWE-285 (Improper Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.