CWE-285 (Improper Authorization) — Vulnerability Class 971

971 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-2359 | D-Link DIR-823G DDNS Service HNAP1 SetDDNSSettings improper authorization — DIR-823G | 7.3 | High | 2025-03-17 |
| CVE-2025-2345 | IROAD Dash Cam X5/Dash Cam X6 improper authorization — Dash Cam X5 | 9.8 | Critical | 2025-03-16 |
| CVE-2025-2320 | 274056675 springboot-openai-chatgpt User submit improper authorization — springboot-openai-chatgpt | 7.3 | High | 2025-03-14 |
| CVE-2025-24053 | Microsoft Dataverse Elevation of Privilege Vulnerability — Microsoft Dataverse | 7.2 | High | 2025-03-13 |
| CVE-2025-27602 | Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content — Umbraco-CMS | 4.9 | Medium | 2025-03-11 |
| CVE-2025-27601 | Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality — Umbraco-CMS | 4.3 | Medium | 2025-03-11 |
| CVE-2025-2114 | Shenzhen Sixun Software Sixun Shanghui Group Business Management System Reset Password Interface OperatorStop.asp improper authorization — Sixun Shanghui Group Business Management System | 3.7 | Low | 2025-03-09 |
| CVE-2024-13552 | SupportCandy – Helpdesk & Customer Support Ticket System <= 3.3.0 - Insecure Direct Object Reference — SupportCandy – Helpdesk & Customer Support Ticket System | 4.3 | Medium | 2025-03-07 |
| CVE-2025-27509 | SAML authentication vulnerability due to improper SAML response validation — fleet | 8.8 | - | 2025-03-06 |
| CVE-2024-13724 | Wallet System for WooCommerce – Wallet, Wallet Cashback, Refunds, Partial Payment, Wallet Restriction <= 2.6.2 - Missing Authorization — Wallet System for WooCommerce – Digital Wallet, Buy Now Pay Later (BNPL), Instant Cashback, Referral program, Partial & Subscription Payments | 4.3 | Medium | 2025-03-04 |
| CVE-2024-43051 | Improper Authorization in SPS-HLOS — Snapdragon | 5.5 | Medium | 2025-03-03 |
| CVE-2025-1847 | zj1983 zz improper authorization — zz | 6.3 | Medium | 2025-03-03 |
| CVE-2025-1815 | pbrong hrms resource.go HrmsDB improper authorization — hrms | 7.3 | High | 2025-03-02 |
| CVE-2025-1806 | Eastnets PaymentSafe URL Default.aspx improper authorization — PaymentSafe | 4.3 | Medium | 2025-03-01 |
| CVE-2024-47053 | Improper Authorization in Reporting API — mautic/core | 7.7 | High | 2025-02-26 |
| CVE-2025-23024 | GLPI: Plugins are disabled accessing one page — glpi | 7.5 | - | 2025-02-25 |
| CVE-2025-1361 | IP2Location Country Blocker <= 2.38.8 - Missing Authorization to Unauthenticated Information Exposure via admin_init Function — IP2Location Country Blocker | 7.5 | High | 2025-02-22 |
| CVE-2025-25196 | OpenFGA Authorization Bypass — openfga | 8.1 | - | 2025-02-19 |
| CVE-2025-1007 | Improper Authorization in /user/namespace/{namespace}/details — OpenVSX | 4.3 | - | 2025-02-19 |
| CVE-2024-13692 | Return Refund and Exchange For WooCommerce <= 4.4.5 - Authenticated (Subscriber+) Insecure Direct Object Reference — Return Refund and Exchange For WooCommerce | 5.4 | Medium | 2025-02-14 |
| CVE-2025-1226 | ywoa setup.jsp improper authorization — ywoa | 5.3 | Medium | 2025-02-12 |
| CVE-2024-13821 | WP Booking Calendar <= 10.10 - Unauthenticated Post-Confirmation Booking Manipulation — Booking Calendar | 5.3 | Medium | 2025-02-12 |
| CVE-2025-21400 | Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 8.0 | High | 2025-02-11 |
| CVE-2025-24418 | Adobe Commerce \| Improper Authorization (CWE-285) — Adobe Commerce | 8.1 | High | 2025-02-11 |
| CVE-2025-1078 | AppHouseKitchen AlDente Charge Limiter XPC Service com.apphousekitchen.aldente-pro.helper shouldAcceptNewConnection improper authorization — AlDente Charge Limiter | 5.3 | Medium | 2025-02-06 |
| CVE-2024-57954 | Huawei HarmonyOS security vulnerability — HarmonyOS | 6.2 | Medium | 2025-02-06 |
| CVE-2025-20125 | Cisco Identity Services Engine Insufficient Authorization Bypass Vulnerability — Cisco Identity Services Engine Software | 9.1 | Critical | 2025-02-05 |
| CVE-2025-24376 | The kubewarden-controller AdmissionPolicy and AdmissionPolicyGroup policies can be used to alter PolicyReport resources — kubewarden-controller | 6.5 | Medium | 2025-01-30 |
| CVE-2025-24784 | kubewarden-controller has an Information leak via AdmissionPolicyGroup Resource — kubewarden-controller | 4.3 | Medium | 2025-01-30 |
| CVE-2024-13646 | Single-user-chat <= 0.5 - Authenticated (Subscriber+) Limited Options Update — Single-user-chat | 8.1 | High | 2025-01-30 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 971 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.