CWE-285 (Improper Authorization) — Vulnerability Class 971

971 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-13694 | WooCommerce Wishlist <= 1.8.7 - Unauthenticated Wishlist Disclosure via download_pdf_file Function — MoreConvert Wishlist for WooCommerce | 7.5 | High | 2025-01-30 |
| CVE-2025-0849 | CampCodes School Management Software Staff edit-staff improper authorization — School Management Software | 6.3 | Medium | 2025-01-30 |
| CVE-2025-0484 | Fanli2012 native-php-cms Backend sysconfig_doedit.php improper authorization — native-php-cms | 7.3 | High | 2025-01-15 |
| CVE-2025-23042 | Gradio Blocked Path ACL Bypass Vulnerability — gradio | 7.5 | - | 2025-01-14 |
| CVE-2025-21275 | Windows App Package Installer Elevation of Privilege Vulnerability — Windows 10 Version 21H2 | 7.8 | High | 2025-01-14 |
| CVE-2025-21348 | Microsoft SharePoint Server Remote Code Execution Vulnerability — Microsoft SharePoint Enterprise Server 2016 | 7.2 | High | 2025-01-14 |
| CVE-2024-56323 | OpenFGA Authorization Bypass — openfga | 9.8 | - | 2025-01-13 |
| CVE-2024-13241 | Open Social - Moderately critical - Information Disclosure - SA-CONTRIB-2024-005 — Open Social | 5.3 | - | 2025-01-09 |
| CVE-2025-21611 | tgstation-server's role authorization incorrectly OR'd with user's enabled status — tgstation-server | 8.8 | High | 2025-01-06 |
| CVE-2024-56320 | GoCD vulnerable to admin privilege escalation by a malicious internal/existing authenticated user — gocd | 8.8 | - | 2025-01-03 |
| CVE-2024-13109 | Beijing Yunfan Internet Technology Yunfan Learning Examination System doc.html improper authorization — Yunfan Learning Examination System | 5.3 | Medium | 2025-01-02 |
| CVE-2024-56802 | Tapir allows DeployKey exposure — tapir | 9.1 | - | 2024-12-31 |
| CVE-2020-9081 | Huawei product security vulnerability — HUAWEI Mate 20 | 3.5 | Low | 2024-12-27 |
| CVE-2024-12901 | FoxCMS API Endpoint Site.php improper authorization — FoxCMS | 5.3 | Medium | 2024-12-23 |
| CVE-2024-12782 | Fujifilm Business Innovation Apeos C3070/Apeos C5570/Apeos C6580 Web Interface index.html#hashHome improper authorization — Apeos C3070 | 7.3 | High | 2024-12-19 |
| CVE-2024-11768 | Download manager <= 3.3.03 - Improper Authorization to Unauthenticated Download of Password-Protected Files — Download Manager | 5.3 | Medium | 2024-12-19 |
| CVE-2024-51479 | Authorization bypass in Next.js — next.js | 7.5 | High | 2024-12-17 |
| CVE-2024-43729 | Adobe Experience Manager \| Improper Authorization (CWE-285) — Adobe Experience Manager | 6.5 | Medium | 2024-12-10 |
| CVE-2024-43731 | Adobe Experience Manager \| Improper Authorization (CWE-285) — Adobe Experience Manager | 4.3 | Medium | 2024-12-10 |
| CVE-2024-12347 | Guangzhou Huayi Intelligent Technology Jeewms Druid Monitoring Interface index.html improper authorization — Jeewms | 5.3 | Medium | 2024-12-08 |
| CVE-2024-11860 | SourceCodester Best House Rental Management System POST Request ajax.php improper authorization — Best House Rental Management System | 6.5 | Medium | 2024-11-27 |
| CVE-2024-36467 | Authentication privilege escalation via user groups due to missing authorization checks — Zabbix | 7.5 | High | 2024-11-27 |
| CVE-2024-8676 | Cri-o: checkpoint restore can be triggered from different namespaces | 7.4 | High | 2024-11-26 |
| CVE-2024-10729 | Booking & Appointment Plugin for WooCommerce <= 6.9.0 - Authenticated (Subscriber+) Arbitrary Option Update — Booking & Appointment Plugin for WooCommerce | 8.8 | High | 2024-11-26 |
| CVE-2024-52287 | authentik performs insufficient validation of OAuth scopes — authentik | 7.5 (AI) | High (AI) | 2024-11-21 |
| CVE-2020-3539 | Cisco Data Center Network Manager Authorization Bypass Vulnerability — Cisco Data Center Network Manager | 6.3 | Medium | 2024-11-18 |
| CVE-2024-48901 | Moodle: idor when fetching report schedules | 4.3 (AI) | Medium (AI) | 2024-11-18 |
| CVE-2024-48897 | Moodle: idor in edit/delete rss feed | 4.3 (AI) | Medium (AI) | 2024-11-18 |
| CVE-2024-11306 | Altenergy Power Control Software database improper authorization — Power Control Software | 5.3 | Medium | 2024-11-18 |
| CVE-2024-38370 | GLPI allows API document download without rights — glpi | 5.3 | Medium | 2024-11-15 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 971 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.