CWE-285 (授权机制不恰当) — Vulnerability Class 970

970 vulnerabilities classified as CWE-285 (授权机制不恰当). AI Chinese analysis included.

CVE ID	Title	CVSS	Severity	Published
CVE-2025-10374	Shenzhen Sixun Business Management System OperatorStop improper authorization — Business Management System	7.3	High	2025-09-13
CVE-2025-10319	JeecgBoot Tenant Log Export exportLog improper authorization — JeecgBoot	4.3	Medium	2025-09-12
CVE-2025-10318	JeecgBoot WebSocket Message sendWebSocketMsg improper authorization — JeecgBoot	6.3	Medium	2025-09-12
CVE-2025-10291	linlinjava litemall cancel WxAftersaleController improper authorization — litemall	6.3	Medium	2025-09-12
CVE-2025-10278	YunaiV ruoyi-vue-pro transfer improper authorization — ruoyi-vue-pro	6.3	Medium	2025-09-12
CVE-2025-10277	YunaiV yudao-cloud submit improper authorization — yudao-cloud	6.3	Medium	2025-09-12
CVE-2025-10276	YunaiV ruoyi-vue-pro transfer improper authorization — ruoyi-vue-pro	6.3	Medium	2025-09-12
CVE-2025-10275	YunaiV yudao-cloud transfer improper authorization — yudao-cloud	6.3	Medium	2025-09-12
CVE-2025-6088	Improper Authorization in danny-avila/librechat — danny-avila/librechat	4.3^AI	Medium^AI	2025-09-11
CVE-2025-10209	Papermerge DMS Authorization Token improper authorization — DMS	5.4	Medium	2025-09-10
CVE-2025-10086	fuyang_lipengjun platform AdPositionController queryAll improper authorization — platform	6.3	Medium	2025-09-08
CVE-2025-10084	elunez eladmin SysLogController 1 queryErrorLogDetail improper authorization — eladmin	4.3	Medium	2025-09-08
CVE-2025-10073	Portabilis i-Educar turma improper authorization — i-Educar	4.3	Medium	2025-09-07
CVE-2025-10014	elunez eladmin Email Address updateEmail updateUserEmail improper authorization — eladmin	3.1	Low	2025-09-05
CVE-2025-9937	elunez eladmin LocalStorageController deleteFile improper authorization — eladmin	5.4	Medium	2025-09-03
CVE-2025-9936	fuyang_lipengjun platform queryAll AdController improper authorization — platform	4.3	Medium	2025-09-03
CVE-2025-9760	Portabilis i-Educar Matricula API matricula improper authorization — i-Educar	6.3	Medium	2025-09-01
CVE-2025-9687	Portabilis i-Educar processamentoApi improper authorization — i-Educar	6.3	Medium	2025-08-30
CVE-2025-58156	Centurion ERP users can view hashed authentication tokens that belong to other users — centurion_erp	1.9	Low	2025-08-29
CVE-2025-8147	LWSCache <= 2.8.5 - Missing Authorization to Authenticated (Subscriber+) Limited Plugin Activation via lwscache_activatePlugin Function — LWSCache	4.3	Medium	2025-08-29
CVE-2025-9609	Portabilis i-Educar consulta improper authorization — i-Educar	6.3	Medium	2025-08-29
CVE-2025-9602	Xinhu RockOA index.php publicsaveAjax improper authorization — RockOA	6.3	Medium	2025-08-29
CVE-2025-53795	Microsoft PC Manager Elevation of Privilege Vulnerability — Microsoft PC Manager	9.1	Critical	2025-08-21
CVE-2025-7221	GiveWP – Donation Plugin and Fundraising Platform <= 4.5.0 - Missing Authorization to Donation Update — GiveWP – Donation Plugin and Fundraising Platform	4.3	Medium	2025-08-21
CVE-2025-9151	LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization — ThriveX-Blog	6.3	Medium	2025-08-19
CVE-2025-7778	Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function — Icons Factory	9.8	Critical	2025-08-15
CVE-2025-55675	Apache Superset: Incorrect datasource authorization on REST API — Apache Superset	4.3^AI	Medium^AI	2025-08-14
CVE-2025-8840	jshERP Endpoint deleteBatch improper authorization — jshERP	5.4	Medium	2025-08-11
CVE-2025-8839	jshERP Endpoint addUser improper authorization — jshERP	6.3	Medium	2025-08-11
CVE-2025-8791	LitmusChaos Litmus list_projects improper authorization — Litmus	6.3	Medium	2025-08-10

Vulnerabilities classified as CWE-285 (授权机制不恰当) represent 970 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.

Goal Reached Thanks to every supporter — we hit 100%!

CWE-285 (授权机制不恰当) — Vulnerability Class 970