CWE-285 (Improper Authorization) — Vulnerability Class 972

972 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2024-1289 | LearnPress <= 4.2.6.3 - Insecure Direct Object Reference — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 6.5 | Medium | 2024-04-09 |
| CVE-2024-26193 | Azure Migrate Remote Code Execution Vulnerability — Azure Migrate | 6.4 | Medium | 2024-04-09 |
| CVE-2024-3434 | CP Plus Wi-Fi Camera User Management improper authorization — Wi-Fi Camera | 5.4 | Medium | 2024-04-07 |
| CVE-2024-30260 | Undici's Proxy-Authorization header not cleared on cross-origin redirect for dispatch, request, stream, pipeline — undici | 3.9 | Low | 2024-04-04 |
| CVE-2024-3139 | SourceCodester Computer Laboratory Management System save_users improper authorization — Computer Laboratory Management System | 5.4 | Medium | 2024-04-01 |
| CVE-2024-3013 | Teledyne FLIR AX8 User Registration test_login.php improper authorization — AX8 | 6.3 | Medium | 2024-03-28 |
| CVE-2024-0077 | CVE — vGPU driver, Cloud Gaming driver | 7.8 | High | 2024-03-27 |
| CVE-2024-20333 | Cisco DNA Center security vulnerability — Cisco Digital Network Architecture Center (DNA Center) | 4.3 | Medium | 2024-03-27 |
| CVE-2024-29033 | GoogleOAuthenticator.hosted_domain incorrectly verifies membership of an Google organization/workspace — oauthenticator | 7.5 | High | 2024-03-20 |
| CVE-2024-2641 | Ruijie RG-NBS2009G-P Password passwdManage.htm improper authorization — RG-NBS2009G-P | 5.3 | Medium | 2024-03-19 |
| CVE-2024-27930 | Sensitive fields access through dropdowns in GLPI — glpi | 6.5 | Medium | 2024-03-18 |
| CVE-2024-27937 | glpi Users emails enumeration — glpi | 6.5 | Medium | 2024-03-18 |
| CVE-2024-2557 | kishor-23 Food Waste Management System admin.php improper authorization — Food Waste Management System | 5.3 | Medium | 2024-03-17 |
| CVE-2024-21761 | Fortinet FortiPortal authorization issue vulnerability — FortiPortal | 3.9 | Medium | 2024-03-12 |
| CVE-2024-2317 | Bdtask Hospital AutoManager Prescription Page improper authorization — Hospital AutoManager | 3.8 | Low | 2024-03-08 |
| CVE-2024-27916 | `GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary repositories in Minder by any authenticated user — minder | 7.1 | High | 2024-03-06 |
| CVE-2024-24900 | Dell Secure Connect Gateway authorization issue vulnerability — Secure Connect Gateway (SCG) Policy Manager | 5.8 | Medium | 2024-03-01 |
| CVE-2024-1043 | AMP for WP <= 1.0.93.1 - Authenticated(Contributor+) Arbitrary Post Deletion via amppb_remove_saved_layout_data — AMP for WP – Accelerated Mobile Pages | 6.5 | Medium | 2024-02-20 |
| CVE-2024-21987 | Improper Authorization Vulnerability in SnapCenter — SnapCenter | 5.4 | Medium | 2024-02-16 |
| CVE-2024-21402 | Microsoft Outlook Elevation of Privilege Vulnerability — Microsoft 365 Apps for Enterprise | 7.1 | High | 2024-02-13 |
| CVE-2024-23806 | HID Global Reader Configuration Cards Improper Authorization — HID iCLASS SE reader configuration cards | 5.3 | Medium | 2024-02-07 |
| CVE-2024-24936 | JetBrains TeamCity security vulnerability — TeamCity | 4.3 | Medium | 2024-02-06 |
| CVE-2024-23649 | Any authenticated user may obtain private message details from other users on the same instance — lemmy | 7.5 | High | 2024-01-24 |
| CVE-2023-40683 | IBM OpenPages with Watson privilege escalation — OpenPages with Watson | 8.8 | High | 2024-01-19 |
| CVE-2022-4962 | Apollo Configuration Center users improper authorization — Apollo | 4.3 | Medium | 2024-01-12 |
| CVE-2023-6878 | Slick Social Share Buttons <= 2.4.11 - Authenticated (Subscriber+) Arbitrary Option Update — Slick Social Share Buttons | 8.8 | High | 2024-01-11 |
| CVE-2023-6496 | Manage Notification E-mails <= 1.8.5 - Missing Authorization — Manage Notification E-mails | 5.3 | Medium | 2024-01-11 |
| CVE-2023-48252 | Bosch Nexo cordless nutrunner security vulnerability — Nexo cordless nutrunner NXA015S-36V (0608842001) | 8.8 | High | 2024-01-10 |
| CVE-2023-52139 | Misskey vulnerable to improper authorization when accessing with third-party application — misskey | 9.1 | Critical | 2023-12-29 |
| CVE-2023-50871 | JetBrains YouTrack security vulnerability — YouTrack | 4.3 | Medium | 2023-12-15 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 972 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.