
CWE-285 (Improper Authorization): Vulnerability Class

970 vulnerabilities are classified as CWE-285 (Improper Authorization). AI-generated Chinese analysis is included for each entry.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-33125 | Frigate Broken Access Control: Users assigned the viewer role can delete admin and other low-privileged accounts | frigate | 7.1 | High | 2026-03-20 |
| CVE-2026-32692 | Unauthorized update of out-of-scope Vault secrets | Juju | 7.6 | High | 2026-03-18 |
| CVE-2026-21886 | OpenCTI's GraphQL Mutations Allow Deletion of Unrelated Entities | opencti | 6.5 | Medium | 2026-03-17 |
| CVE-2026-32704 | SiYuan renderSprig: missing admin check allows any user to read full workspace DB | siyuan | 6.5 | Medium | 2026-03-13 |
| CVE-2026-4013 | SourceCodester Web-based Pharmacy Product Management System add_admin.php improper authorization | Web-based Pharmacy Product Management System | 6.3 | Medium | 2026-03-12 |
| CVE-2026-28806 | Improper authorization in device bulk actions and device update API allows cross-organization device control | nerves_hub_web | 8.8 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-30959 | OneUptime has WhatsApp Resend Verification Authorization Bypass | oneuptime | 8.1 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-30956 | OneUptime has authorization bypass via client-controlled is-multi-tenant-query header | oneuptime | 10.0 | Critical | 2026-03-10 |
| CVE-2026-30870 | Some sync filters in PowerSync Service ignored using `config.edition: 3` | powersync-service | 6.5 | Medium | 2026-03-09 |
| CVE-2026-28431 | Misskey lacks proper authorization checks and input validation | misskey | 5.9 (AI) | Medium (AI) | 2026-03-09 |
| CVE-2026-3817 | SourceCodester Patients Waiting Area Queue Management System patient-search.php improper authorization | Patients Waiting Area Queue Management System | 5.3 | Medium | 2026-03-09 |
| CVE-2026-3764 | SourceCodester Client Database Management System superadmin_user_update.php improper authorization | Client Database Management System | 7.3 | High | 2026-03-08 |
| CVE-2026-3762 | SourceCodester Client Database Management System Endpoint superadmin_delete_manager.php improper authorization | Client Database Management System | 7.3 | High | 2026-03-08 |
| CVE-2026-3761 | SourceCodester Client Database Management System Endpoint superadmin_user_delete.php improper authorization | Client Database Management System | 5.4 | Medium | 2026-03-08 |
| CVE-2026-3738 | SourceCodester Pet Grooming Management Software Financial Report improper authorization | Pet Grooming Management Software | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3737 | SourceCodester Pet Grooming Management Software User Creation add_user.php improper authorization | Pet Grooming Management Software | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3734 | SourceCodester Client Database Management System Endpoint fetch_manager_details.php improper authorization | Client Database Management System | 7.3 | High | 2026-03-08 |
| CVE-2026-3724 | SourceCodester Patients Waiting Area Queue Management System checkin.php improper authorization | Patients Waiting Area Queue Management System | 6.3 | Medium | 2026-03-08 |
| CVE-2026-3675 | Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppReceiver improper authorization | dGEN1 | 5.3 | Medium | 2026-03-07 |
| CVE-2026-3674 | Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppProvider improper authorization | dGEN1 | 5.3 | Medium | 2026-03-07 |
| CVE-2026-3671 | Freedom Factory dGEN1 org.ethereumphone.walletmanager.testing123 TokenBalanceContentProvider improper authorization | dGEN1 | 3.3 | Low | 2026-03-07 |
| CVE-2026-3670 | Freedom Factory dGEN1 com.dgen.alarm improper authorization | dGEN1 | 5.3 | Medium | 2026-03-07 |
| CVE-2026-3669 | Freedom Factory dGEN1 com.dgen.alarm AlarmService improper authorization | dGEN1 | 5.3 | Medium | 2026-03-07 |
| CVE-2026-3667 | Freedom Factory dGEN1 org.ethosmobile.ethoslauncher FakeAppService improper authorization | dGEN1 | 5.3 | Medium | 2026-03-07 |
| CVE-2026-28685 | Kimai: API invoice endpoint missing customer-level access control (IDOR) | kimai | 6.5 | Medium | 2026-03-06 |
| CVE-2026-28448 | OpenClaw 2026.1.29 < 2026.2.1 - Authorization Bypass in Twitch Plugin allowFrom Access Control | OpenClaw | 7.3 | High | 2026-03-05 |
| CVE-2026-30793 | RustDesk Flutter URI Handler Sets Permanent Password Without Privilege Check or User Confirmation | RustDesk Client | 8.8 | - | 2026-03-05 |
| CVE-2026-3265 | go2ismail Free-CRM Security API improper authorization | Free-CRM | 6.3 | Medium | 2026-02-26 |
| CVE-2026-3263 | go2ismail Asp.Net-Core-Inventory-Order-Management-System Security API improper authorization | Asp.Net-Core-Inventory-Order-Management-System | 6.3 | Medium | 2026-02-26 |
| CVE-2026-2694 | The Events Calendar <= 6.15.16 - Improper Authorization to Authenticated (Contributor+) Event/Organizer/Venue Update/Trash via REST API | The Events Calendar | 5.4 | Medium | 2026-02-25 |

Scores and severities marked (AI) are flagged as AI-assigned on the source page rather than taken from the advisory; "-" means no severity was given.

970 CVEs are classified as CWE-285 (Improper Authorization). The CWE entry describes only the weakness class (an action is performed without verifying that the caller is actually permitted to perform it on that object); review the individual CVE entries for product-specific impact. The titles above show the recurring shapes of the class: a role check that is missing on a privileged endpoint, an object-level check that is missing so an authenticated user reaches another user's or another tenant's data (IDOR), and a trust decision driven by a client-controlled header or parameter.
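The following is an added, generic illustration of the weakness class written for this page; it is hypothetical code that models no listed product or CVE. It shows a delete-account handler that authenticates the caller but never asks whether the caller may perform this action on this target (the CWE-285 gap), beside the same handler with a server-side role check, a tenant/ownership check on the target object, and a refusal to trust a caller-supplied "I am admin" flag. Names, roles and the sample users are all constructed.

```python
# Hypothetical example for CWE-285 (Improper Authorization), not from any project.
from dataclasses import dataclass, field

# Role ordering used by the hardened handler; constructed for this example.
ROLE_RANK = {"viewer": 0, "editor": 1, "admin": 2}


@dataclass(frozen=True)
class User:
    id: int
    role: str   # role as stored server-side, never taken from the request
    org: str    # tenant the user belongs to


@dataclass
class AccountService:
    users: dict = field(default_factory=dict)

    def delete_user_vulnerable(self, caller: User, target_id: int,
                               claimed_admin: bool = False) -> bool:
        """CWE-285 pattern: the caller is authenticated (we have a User), but the
        handler never checks *whether this caller may delete this target*.
        Worse, it honours a client-supplied flag as the only 'check'."""
        if target_id not in self.users:
            return False
        if claimed_admin or True:          # the flag is decorative; any caller proceeds
            del self.users[target_id]
        return True

    def delete_user(self, caller: User, target_id: int,
                    claimed_admin: bool = False) -> bool:
        """Hardened handler: every decision is made from server-side state."""
        target = self.users.get(target_id)
        if target is None:
            return False
        # 1. Role check from the stored role, ignoring anything the client claims.
        if ROLE_RANK.get(caller.role, -1) < ROLE_RANK["admin"]:
            raise PermissionError("deleting accounts requires the admin role")
        # 2. Object-level (tenant) check: an admin acts only inside their own org.
        if target.org != caller.org:
            raise PermissionError("target belongs to another organization")
        # 3. Don't let an admin remove the only admin of the org (lockout guard).
        if target.role == "admin" and self._admin_count(target.org) == 1:
            raise PermissionError("cannot delete the last admin of an organization")
        del self.users[target_id]
        return True

    def _admin_count(self, org: str) -> int:
        return sum(1 for u in self.users.values() if u.org == org and u.role == "admin")


def build_demo_service() -> AccountService:
    """Constructed sample data: two tenants, one admin each, one viewer."""
    svc = AccountService()
    for u in (User(1, "admin", "acme"), User(2, "viewer", "acme"),
              User(3, "admin", "globex"), User(4, "editor", "globex")):
        svc.users[u.id] = u
    return svc


def run_scenarios() -> dict:
    """Exercise both handlers and report what each allowed; used by the tests."""
    results = {}

    svc = build_demo_service()
    viewer = svc.users[2]
    # Vulnerable path: a viewer deletes the tenant admin, even claiming nothing.
    results["vuln_viewer_deletes_admin"] = svc.delete_user_vulnerable(viewer, 1)

    svc = build_demo_service()
    viewer, acme_admin, globex_admin = svc.users[2], svc.users[1], svc.users[3]
    try:
        svc.delete_user(viewer, 1, claimed_admin=True)   # client lies about role
        results["hard_viewer_deletes_admin"] = True
    except PermissionError:
        results["hard_viewer_deletes_admin"] = False
    try:
        svc.delete_user(globex_admin, 2)                 # cross-tenant attempt
        results["hard_cross_org"] = True
    except PermissionError:
        results["hard_cross_org"] = False
    results["hard_same_org_admin"] = svc.delete_user(acme_admin, 2)  # legitimate
    try:
        svc.delete_user(globex_admin, 3)                 # last admin of globex
        results["hard_last_admin"] = True
    except PermissionError:
        results["hard_last_admin"] = False
    return results


if __name__ == "__main__":
    for name, allowed in run_scenarios().items():
        print(f"{name}: {'ALLOWED' if allowed else 'denied'}")
```

The point of the comparison is where the decision inputs come from: the hardened handler reads the caller's role and tenant from server-side state and checks the target object, so neither a request flag nor a guessed identifier changes the outcome. The same three questions (may this role do this? on this object? without the client supplying the answer?) are the ones to ask when reviewing each entry in the table above.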