CWE-285 (Improper Authorization) — Vulnerability Class 971

971 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2024-52528 | Auth Token can be passed dummy or wrong the middleware response is 200 OK — Gateway | 9.8 AI | Critical AI | 2024-11-15 |
| CVE-2021-3991 | Improper Authorization in dolibarr/dolibarr — dolibarr/dolibarr | 4.3 AI | Medium AI | 2024-11-15 |
| CVE-2022-31668 | User permission validation failure and disclosure of P2P preheat execution logs — Harbor | 7.4 | High | 2024-11-14 |
| CVE-2022-31667 | Harbor fails to validate the user permissions when updating a robot account — Harbor | 6.4 | Medium | 2024-11-14 |
| CVE-2022-31669 | Harbor fails to validate the user permissions when updating tag immutability policies — Harbor | 6.4 | Medium | 2024-11-14 |
| CVE-2022-31670 | Harbor fails to validate the user permissions when updating tag retention policies — Harbor | 7.7 | High | 2024-11-14 |
| CVE-2022-31671 | Harbor fails to validate the user permissions when reading and updating job execution logs through the P2P preheat execution logs — Harbor | 7.4 | High | 2024-11-14 |
| CVE-2022-31666 | Harbor fails to validate user permissions while Viewing, updating and deleting Webhook policies — Harbor | 7.7 | High | 2024-11-14 |
| CVE-2024-43602 | Azure CycleCloud Remote Code Execution Vulnerability — Azure CycleCloud | 9.9 | Critical | 2024-11-12 |
| CVE-2024-11073 | SourceCodester Hospital Management System delete-account.php improper authorization — Hospital Management System | 4.3 | Medium | 2024-11-11 |
| CVE-2024-51525 | Huawei HarmonyOS security vulnerability — HarmonyOS | 6.2 | Medium | 2024-11-05 |
| CVE-2024-10598 | Tongda OA Annual Leave data.php improper authorization — OA | 5.3 | Medium | 2024-10-31 |
| CVE-2024-48921 | Kyverno's PolicyException objects can be created in any namespace by default — kyverno | 8.1 AI | High AI | 2024-10-29 |
| CVE-2024-9235 | Mapster WP Maps <= 1.5.0 - Incorrect Authorization to Authenticated (Contributor+) Arbitrary Options Update — Mapster WP Maps | 8.8 | High | 2024-10-25 |
| CVE-2024-9531 | MultiVendorX – The Ultimate WooCommerce Multivendor Marketplace Solution <= 4.2.4 - Missing Authorization to Forged Vendor Profile Deletion Email Sending — MultiVendorX – WooCommerce Multivendor Marketplace Solutions | 4.3 | Medium | 2024-10-24 |
| CVE-2020-36841 | WooCommerce Smart Coupons <= 4.6.0 - Unauthenticated Coupon Creation — WooCommerce Smart Coupons | 5.3 | Medium | 2024-10-16 |
| CVE-2024-47876 | Sakai: Kernel users created with type roleview can login as a normal user — sakai | 8.8 | - | 2024-10-15 |
| CVE-2023-50780 | Apache ActiveMQ Artemis: Authenticated users could perform RCE via Jolokia MBeans — Apache ActiveMQ Artemis | 8.8 AI | High AI | 2024-10-14 |
| CVE-2024-47084 | CORS origin validation is not performed when the request has a cookie in Gradio — gradio | 8.1 AI | High AI | 2024-10-10 |
| CVE-2024-47165 | CORS origin validation accepts the null origin in Gradio — gradio | 6.2 AI | Medium AI | 2024-10-10 |
| CVE-2024-38129 | Windows Kerberos Elevation of Privilege Vulnerability — Windows Server 2022, 23H2 Edition (Server Core installation) | 7.5 | High | 2024-10-08 |
| CVE-2024-38425 | Improper Authorization in Performance — Snapdragon | 6.1 | Medium | 2024-10-07 |
| CVE-2024-47183 | Parse Server's custom object ID allows to acquire role privileges — parse-server | 8.1 | High | 2024-10-04 |
| CVE-2024-20441 | Cisco Nexus Dashboard Fabric Controller Unauthorized API Endpoint Vulnerability — Cisco Data Center Network Manager | 5.7 | Medium | 2024-10-02 |
| CVE-2024-20393 | Cisco RV340, RV340W, RV345, and RV345P Dual WAN Gigabit VPN Routers Privilege Escalation Vulnerability — Cisco Small Business RV Series Router Firmware | 8.8 | High | 2024-10-02 |
| CVE-2024-9297 | SourceCodester Online Railway Reservation System admin improper authorization — Online Railway Reservation System | 6.3 | Medium | 2024-09-28 |
| CVE-2024-20414 | Cisco IOS XE Software security vulnerability — IOS | 6.5 | Medium | 2024-09-25 |
| CVE-2024-9082 | SourceCodester Online Eyewear Shop User Creation Users.php improper authorization — Online Eyewear Shop | 6.3 | Medium | 2024-09-22 |
| CVE-2024-43460 | Dynamics 365 Business Central Elevation of Privilege Vulnerability — Dynamics 365 Business Central Online | 8.1 | High | 2024-09-17 |
| CVE-2024-6840 | Automation-controller: gain access to the k8s api server via job execution with container group | 6.6 | Medium | 2024-09-12 |

971 CVEs are classified as CWE-285 (Improper Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.