CWE-285 (Improper Authorization) — Vulnerability Class 971

971 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-41670 | PayPal Official Module for PrestaShop has Improperly Implemented Security Check for Standard — paypal | 7.5 | High | 2024-07-26 |
| CVE-2024-30061 | Microsoft Dynamics 365 (On-Premises) Information Disclosure Vulnerability — Microsoft Dynamics 365 (on-premises) version 9.1 | 7.3 | High | 2024-07-09 |
| CVE-2024-39597 | [CVE-2024-39597] Improper Authorization Checks on Early Login Composable Storefront B2B sites of SAP Commerce — SAP Commerce | 7.2 | High | 2024-07-09 |
| CVE-2024-6375 | Missing authorization check may lead to shard key refinement — MongoDB Server | 5.4 | Medium | 2024-07-01 |
| CVE-2023-35022 | IBM InfoSphere Information Server improper authentication — InfoSphere Information Server | 3.3 | Low | 2024-06-30 |
| CVE-2024-37282 | Elastic Cloud Enterprise Security Vulnerability — Elastic Cloud Enterprise | 8.1 | High | 2024-06-28 |
| CVE-2024-3959 | Improper Authorization in GitLab — GitLab | 6.5 | Medium | 2024-06-26 |
| CVE-2024-37167 | Tuleap has improper permissions of the backlog items — tuleap | 4.3 | Medium | 2024-06-25 |
| CVE-2024-37159 | Evmos is missing create validator check — evmos | 3.5 | Low | 2024-06-17 |
| CVE-2024-6000 | FooEvents for WooCommerce <= 1.19.20 - Improper Authorization to (Contributor+) Arbitrary File Upload — FooEvents for WooCommerce | 7.1 | High | 2024-06-15 |
| CVE-2024-34104 | Adobe Commerce \| Improper Authorization (CWE-285) — Adobe Commerce | 8.2 | High | 2024-06-13 |
| CVE-2024-25949 | Dell OS10 Networking Switches Authorization Issue Vulnerability — SmartFabric OS10 Software | 8.8 | High | 2024-06-12 |
| CVE-2024-37154 | Evmos allows unvested token delegations — evmos | 5.3 | Medium | 2024-06-06 |
| CVE-2024-23665 | Fortinet FortiWeb Authorization Issue Vulnerability — FortiWeb | 5.6 | Medium | 2024-06-03 |
| CVE-2024-23667 | Fortinet FortiWebManager Security Vulnerability — FortiWebManager | 7.6 | High | 2024-06-03 |
| CVE-2024-23670 | Fortinet FortiWebManager Authorization Issue Vulnerability — FortiWebManager | 7.6 | High | 2024-06-03 |
| CVE-2024-36108 | Multiple Broken Function-Level Authorization vulnerabilities in casgate — casgate | 9.8 | Critical | 2024-05-31 |
| CVE-2024-3269 | Download Monitor <= 4.9.13 - Missing Authorization — Download Monitor | 5.4 | Medium | 2024-05-30 |
| CVE-2024-1803 | EmbedPress – Embed PDF, Google Docs, Vimeo, Wistia, Embed YouTube Videos, Audios, Maps & Embed Any Documents in Gutenberg & Elementor <= 3.9.12 - Insufficient Authorization Checks to Block Usual — EmbedPress – PDF Embedder, Embed YouTube Videos, 3D FlipBook, Social feeds, Docs & more | 4.3 | Medium | 2024-05-23 |
| CVE-2024-0870 | YITH WooCommerce Gift Cards <= 4.12.0 - Missing Authorization to Unauthenticated WooCommerce Settings Update — YITH WooCommerce Gift Cards | 5.3 | Medium | 2024-05-14 |
| CVE-2024-4819 | Campcodes Online Laundry Management System admin_class.php improper authorization — Online Laundry Management System | 4.3 | Medium | 2024-05-13 |
| CVE-2023-41819 | Motorola Face Unlock Security Vulnerability — Phones | 6.1 | Medium | 2024-05-03 |
| CVE-2023-44410 | D-Link D-View showUsers Improper Authorization Privilege Escalation Vulnerability — D-View | 8.8 | - | 2024-05-03 |
| CVE-2023-32168 | D-Link D-View showUser Improper Authorization Privilege Escalation Vulnerability — D-View | 8.8 | - | 2024-05-03 |
| CVE-2023-6731 | WP Show Posts <= 1.1.5 - Improper Authorization to Information Exposure — WP Show Posts | 4.3 | Medium | 2024-05-02 |
| CVE-2023-47166 | Milesight UR32L Authorization Issue Vulnerability — UR32L | 8.8 | High | 2024-05-01 |
| CVE-2024-32881 | Unauthorized access to GET/SET of Slack Bot Tokens in Danswer — danswer | 9.8 | Critical | 2024-04-26 |
| CVE-2023-5675 | Quarkus: authorization flaw in quarkus resteasy reactive and classic when "quarkus.security.jaxrs.deny-unannotated-endpoints" or "quarkus.security.jaxrs.default-roles-allowed" properties are used. | 6.5 | Medium | 2024-04-25 |
| CVE-2024-3027 | Smart Slider 3 <= 3.5.1.22 - Missing Authorization to Limited File Upload — Smart Slider 3 | 6.4 | Medium | 2024-04-13 |
| CVE-2024-1289 | LearnPress <= 4.2.6.3 - Insecure Direct Object Reference — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 6.5 | Medium | 2024-04-09 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 971 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.