CWE-285 (Improper Authorization) — Vulnerability Class 971

971 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-20381 | Cisco Network Services Orchestrator Configuration Update Authorization Bypass Vulnerability — Cisco IOS XR Software | 8.8 | High | 2024-09-11 |
| CVE-2024-38231 | Windows Remote Desktop Licensing Service Denial of Service Vulnerability — Windows Server 2019 | 6.5 | Medium | 2024-09-10 |
| CVE-2024-43482 | Microsoft Outlook for iOS Information Disclosure Vulnerability — Outlook for iOS | 6.5 | Medium | 2024-09-10 |
| CVE-2024-45044 | Bareos's negative command ACLs can be circumvented by abbreviating commands — bareos | 8.8 | High | 2024-09-10 |
| CVE-2024-8509 | Migration toolkit for virtualization: forklift-controller: empty bearer token may perform authentication | 7.5 | High | 2024-09-06 |
| CVE-2024-20497 | Cisco Expressway Edge Improper Authorization Vulnerability — Cisco TelePresence Video Communication Server (VCS) Expressway | 4.3 | Medium | 2024-09-04 |
| CVE-2024-42039 | Huawei HarmonyOS security vulnerability — HarmonyOS | 4.3 | Medium | 2024-09-04 |
| CVE-2024-45307 | SudoBot missing authorization check in `-config` command — sudobot | 8.8 | High | 2024-09-03 |
| CVE-2024-5053 | Contact Form Plugin by Fluent Forms for Quiz, Survey, and Drag & Drop WP Form Builder <= 5.1.18 - Missing Authorization to Authenticated (Subscriber+) Mailchimp Integration Modification — Fluent Forms – Customizable Contact Forms, Survey, Quiz, & Conversational Form Builder | 4.2 | Medium | 2024-09-01 |
| CVE-2024-42490 | authentik has Insufficient Authorization for several API endpoints — authentik | 7.5 | High | 2024-08-22 |
| CVE-2024-7851 | SourceCodester Yoga Class Registration System Add User Users.php improper authorization — Yoga Class Registration System | 6.3 | Medium | 2024-08-16 |
| CVE-2024-6347 | Unauthorized access to ECU functionality — Altima | 5.1 (AI) | Medium (AI) | 2024-08-15 |
| CVE-2024-7624 | Zephyr Project Manager <= 3.3.101 - Authenticated (Subscriber+) Limited Privilege Escalation — Zephyr Project Manager | 8.1 | High | 2024-08-15 |
| CVE-2024-7799 | SourceCodester Simple Online Bidding System users.php improper authorization — Simple Online Bidding System | 5.3 | Medium | 2024-08-14 |
| CVE-2024-39419 | A user without ship permissions can ship the orders — Adobe Commerce | 4.3 | Medium | 2024-08-14 |
| CVE-2024-39418 | Adobe Commerce \| Improper Authorization (CWE-285) — Adobe Commerce | 5.4 | Medium | 2024-08-14 |
| CVE-2024-39413 | An unauthorized user can export the Invoiced Sales Report — Adobe Commerce | 4.3 | Medium | 2024-08-14 |
| CVE-2024-39417 | An unauthorized user can export the Shipping Report — Adobe Commerce | 4.3 | Medium | 2024-08-14 |
| CVE-2024-39407 | Adobe Commerce \| Improper Authorization (CWE-285) — Adobe Commerce | 4.3 | Medium | 2024-08-14 |
| CVE-2024-39411 | Adobe Commerce \| Improper Authorization (CWE-285) — Adobe Commerce | 4.3 | Medium | 2024-08-14 |
| CVE-2024-39416 | Unauthorized user can export Orders Sale Report — Adobe Commerce | 4.3 | Medium | 2024-08-14 |
| CVE-2024-39412 | Adobe Commerce \| Improper Authorization (CWE-285) — Adobe Commerce | 4.3 | Medium | 2024-08-14 |
| CVE-2024-39404 | A user without Shop Policy Parameters section privilege can alter the shop policy parameters section — Adobe Commerce | 4.3 | Medium | 2024-08-14 |
| CVE-2024-39405 | Adobe Commerce \| Improper Authorization (CWE-285) — Adobe Commerce | 4.3 | Medium | 2024-08-14 |
| CVE-2024-39415 | An unauthorized user can export the Tax Sales Report — Adobe Commerce | 4.3 | Medium | 2024-08-14 |
| CVE-2024-6384 | Backup files may be downloaded by underprivileged users in MongoDB Enterprise Server — MongoDB Server | 5.3 | Medium | 2024-08-13 |
| CVE-2024-42036 | Huawei EMUI and Huawei HarmonyOS security vulnerability — HarmonyOS | 2.5 | Low | 2024-08-08 |
| CVE-2024-42032 | Huawei EMUI and Huawei HarmonyOS security vulnerability — HarmonyOS | 4.4 | Medium | 2024-08-08 |
| CVE-2024-7578 | Alien Technology ALR-F800 cmd.php improper authorization — ALR-F800 | 7.3 | High | 2024-08-07 |
| CVE-2024-41962 | Bostr Improper Authorization — bostr | 4.6 | Medium | 2024-08-01 |

971 CVEs are classified as CWE-285 (Improper Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.