CWE-285 (Improper Authorization) — Vulnerability Class (967 CVEs)

967 vulnerabilities are classified as CWE-285 (Improper Authorization). AI-generated Chinese-language analysis is included.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-6977 | vanna-ai vanna Legacy Flask API improper authorization | vanna | 7.3 | High | 2026-04-25 |
| CVE-2026-6634 | usememos UpdateInstanceSetting App.tsx memos_access_token improper authorization | memos | 6.3 | Medium | 2026-04-20 |
| CVE-2026-6609 | liangliangyy DjangoBlog views.py form_valid improper authorization | DjangoBlog | 6.3 | Medium | 2026-04-20 |
| CVE-2026-6572 | Collabora KodExplorer fileUpload Endpoint share.class.php improper authorization | KodExplorer | 5.6 | Medium | 2026-04-19 |
| CVE-2026-6564 | EMQ EMQX Enterprise Session Handling improper authorization | EMQX Enterprise | 4.3 | Medium | 2026-04-19 |
| CVE-2026-40305 | DNN has Force Friend Request Acceptance | Dnn.Platform | 4.3 | Medium | 2026-04-17 |
| CVE-2026-40259 | SiYuan: Publish Reader Can Arbitrarily Delete Attribute View Files via removeUnusedAttributeView API | siyuan | 8.1 | High | 2026-04-16 |
| CVE-2026-40248 | free5gc UDR improper path validation allows unauthenticated creation and modification of Traffic Influence Subscriptions | free5gc | 7.5 (AI) | High (AI) | 2026-04-16 |
| CVE-2026-40247 | free5gc UDR improper path validation allows unauthenticated access to Traffic Influence Subscriptions | free5gc | 5.3 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-40246 | free5gc UDR improper path validation allows unauthenticated deletion of Traffic Influence Subscriptions | free5gc | 5.3 (AI) | Medium (AI) | 2026-04-16 |
| CVE-2026-33146 | Docmost's Public Share Search Exposes Metadata of Restricted Children | docmost | 4.3 | Medium | 2026-04-14 |
| CVE-2026-34370 | Chamilo LMS: IDOR in the Notebook Module allows an attacker to view other users' private notes | chamilo-lms | 6.5 | Medium | 2026-04-14 |
| CVE-2026-27912 | Windows Kerberos Elevation of Privilege Vulnerability | Windows Server 2012 | 8.0 | High | 2026-04-14 |
| CVE-2026-6105 | perfree go-fastdfs-web doInstall InstallController.java improper authorization | go-fastdfs-web | 7.3 | High | 2026-04-11 |
| CVE-2026-32252 | Chartbrew Cross-Tenant Template Export and Secret Disclosure in `GET /team/:team_id/template/generate/:project_id` | chartbrew | 7.7 | High | 2026-04-10 |
| CVE-2026-5412 | Juju CloudSpec API could leak sensitive information | Juju | 9.9 | Critical | 2026-04-10 |
| CVE-2026-5999 | JeecgBoot SysAnnouncementController improper authorization | JeecgBoot | 6.3 | Medium | 2026-04-10 |
| CVE-2026-39901 | monetr: Protected Transactions Deletable via PUT | monetr | 5.7 | Medium | 2026-04-08 |
| CVE-2026-35479 | InvenTree Plugin Installation - Insufficient Permissions | InvenTree | 6.6 | Medium | 2026-04-08 |
| CVE-2026-35476 | InvenTree Affected by Privilege Escalation via API | InvenTree | 7.2 | High | 2026-04-08 |
| CVE-2026-35407 | Saleor has Cross-Account Email Change via Unbound Confirmation Token | saleor | 5.3 (AI) | Medium (AI) | 2026-04-08 |
| CVE-2026-39389 | CI4MS has a Hidden Items Authorization Bypass in Fileeditor Allows Reading Secrets and Writing Protected Files | ci4ms | 6.7 | Medium | 2026-04-08 |
| CVE-2026-39347 | OrangeHRM's Self-Appraisal Submission of Admin Users Can Be Modified After Completion | orangehrm | 5.5 (AI) | Medium (AI) | 2026-04-07 |
| CVE-2026-35610 | PolarLearn has a Server Action Admin Bypass in Account Management Actions | PolarLearn | 8.8 | High | 2026-04-07 |
| CVE-2026-5642 | Cyber-III Student-Management-System HTTP POST Request update.php improper authorization | Student-Management-System | 7.3 | High | 2026-04-06 |
| CVE-2026-5529 | Dromara lamp-cloud DefUserController pageUser improper authorization | lamp-cloud | 4.3 | Medium | 2026-04-05 |
| CVE-2017-20238 | Hirschmann Industrial HiVision Improper Authorization Privilege Escalation | Hirschmann Industrial HiVision | 7.1 | High | 2026-04-03 |
| CVE-2026-33105 | Microsoft Azure Kubernetes Service Elevation of Privilege Vulnerability | Azure Kubernetes Service | 10.0 | Critical | 2026-04-02 |
| CVE-2026-32213 | Azure AI Foundry Elevation of Privilege Vulnerability | Azure AI Foundry | 10.0 | Critical | 2026-04-02 |
| CVE-2026-33950 | signalk-server: Privilege Escalation by Admin Role Injection via /enableSecurity | signalk-server | 9.4 | Critical | 2026-04-02 |

Values marked (AI) carried the page's AI badge, i.e. they are AI-generated estimates rather than a published score. Entries are sorted by publication date, newest first.

The 30 entries above are the most recently published of the 967 CVEs classified as CWE-285 (Improper Authorization): the product does not perform, or incorrectly performs, an authorization check when an actor attempts to access a resource or perform an action. The CWE entry describes only the weakness class; review each CVE for its product-specific impact.
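To make the weakness class concrete, here is an added illustrative example in Python. It is not code from any project listed above; the note-storage service, its "user"/"admin" roles, its `locked` flag and the sample data are all hypothetical and constructed for the example. It shows the two shapes the titles above keep describing, a missing object-level check (any authenticated user reads or edits another user's note by id, the IDOR pattern of the Chamilo LMS entry) and a protected-state rule that the update path ignores (the "protected item modifiable via update" pattern of the monetr entry), beside a hardened version that makes one deny-by-default decision per subject, object and action before any mutation.

```python
# Added illustrative example of CWE-285 (Improper Authorization). Not code from
# any product on this page; the service, roles and sample data are hypothetical.
from dataclasses import dataclass
from typing import Dict


class Forbidden(Exception):
    """Caller is authenticated but not allowed to perform this action."""


class NotFound(Exception):
    """No such object."""


@dataclass
class User:
    name: str
    role: str = "user"          # hypothetical roles: "user" or "admin"


@dataclass
class Note:
    note_id: int
    owner: str
    body: str
    locked: bool = False        # locked notes are read-only, even for their owner


def sample_store() -> Dict[int, Note]:
    """Constructed sample data: two users, one of them with a locked note."""
    return {
        1: Note(1, "alice", "alice's grocery list"),
        2: Note(2, "bob", "bob's salary notes", locked=True),
    }


def _lookup(store: Dict[int, Note], note_id: int) -> Note:
    note = store.get(note_id)
    if note is None:
        raise NotFound(note_id)
    return note


# --- Vulnerable: authentication happened upstream, authorization never does ---

def get_note_vulnerable(store: Dict[int, Note], user: User, note_id: int) -> str:
    # CWE-285: the caller's identity is known but never compared with the
    # object's owner, so any logged-in user can read any note by id (IDOR).
    return _lookup(store, note_id).body


def update_note_vulnerable(store: Dict[int, Note], user: User, note_id: int, body: str) -> str:
    # Same defect on the write path, and the 'locked' flag is ignored, so a
    # protected item can still be modified through the update endpoint.
    note = _lookup(store, note_id)
    note.body = body
    return note.body


# --- Hardened: one deny-by-default decision per (subject, object, action) ---

def authorize(user: User, note: Note, action: str) -> None:
    """Raise Forbidden unless `user` may perform `action` on `note`."""
    if action not in ("read", "write"):
        raise Forbidden(f"unknown action {action!r}")   # unknown actions are denied, never allowed
    if user.role == "admin":
        return                                          # hypothetical policy: admins may do anything
    if note.owner != user.name:
        raise Forbidden("not the owner")                # object-level (ownership) check
    if action == "write" and note.locked:
        raise Forbidden("note is locked")               # state-based rule, applies to the owner too


def get_note(store: Dict[int, Note], user: User, note_id: int) -> str:
    note = _lookup(store, note_id)
    authorize(user, note, "read")
    return note.body


def update_note(store: Dict[int, Note], user: User, note_id: int, body: str) -> str:
    note = _lookup(store, note_id)
    authorize(user, note, "write")      # decided before the mutation, not after
    note.body = body
    return note.body


def is_denied(fn, *args) -> bool:
    """True if fn(*args) is refused by the authorization check."""
    try:
        fn(*args)
    except Forbidden:
        return True
    return False


if __name__ == "__main__":
    store = sample_store()
    mallory = User("mallory")
    print("vulnerable read of bob's note:", get_note_vulnerable(store, mallory, 2))
    print("hardened read denied:", is_denied(get_note, store, mallory, 2))
    print("owner write to locked note denied:", is_denied(update_note, store, User("bob"), 2, "x"))
```

Forbidden and NotFound are kept distinct here only so the checks are visible; a real service should map both to the same response so that a caller cannot enumerate which ids exist by comparing error codes.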