CWE-285 (Improper Authorization) — Vulnerability Class 967

967 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-2733 | Org.keycloak/keycloak-services: keycloak: missing check on disabled client for docker registry protocol — Red Hat build of Keycloak 26.4 | 3.8 | Low | 2026-02-19 |
| CVE-2025-4521 | IDonate 2.1.5 - 2.1.9 - Missing Authorization to Authenticated (Subscriber+) Account Takeover/Privilege Escalation via idonate_donor_profile Function — IDonate – Blood Donation, Request And Donor Management System | 8.8 | High | 2026-02-19 |
| CVE-2026-2693 | CoCoTeaNet CyreneAdmin System Info Endpoint getCount improper authorization — CyreneAdmin | 4.3 | Medium | 2026-02-19 |
| CVE-2026-2676 | GoogTech sms-ssm API LoginInterceptor.java preHandle improper authorization — sms-ssm | 6.3 | Medium | 2026-02-18 |
| CVE-2026-26020 | AutoGPT Affected by Remote Code Execution via Dynamic Module Import in Block Loading (`__import__`) — AutoGPT | 8.8 (AI) | High (AI) | 2026-02-12 |
| CVE-2026-25999 | Klaw has an improper authorisation check on /resetMemoryCache — klaw | 7.1 | High | 2026-02-11 |
| CVE-2026-25893 | FUXA Unauthenticated Remote Code Execution via Admin JWT Minting — FUXA | 9.8 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-25885 | PolarLearn allows Unauthenticated WebSocket access allows subscribing to and posting in arbitrary group chats — PolarLearn | 6.5 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-25809 | PlaciPy Code Execution Allowed Without Assessment Active State Validation — assessment-placipy | 9.8 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-2141 | WuKongOpenSource WukongCRM URL PermissionServiceImpl.java improper authorization — WukongCRM | 6.3 | Medium | 2026-02-08 |
| CVE-2026-2209 | WeKan Custom Translation translationBody.js setCreateTranslation improper authorization — WeKan | 6.3 | Medium | 2026-02-08 |
| CVE-2026-2109 | jsbroks COCO Annotator Delete Category undo improper authorization — COCO Annotator | 5.4 | Medium | 2026-02-07 |
| CVE-2026-2107 | yeqifu warehouse Log Info LoginfoController.java batchDeleteLoginfo improper authorization — warehouse | 6.3 | Medium | 2026-02-07 |
| CVE-2026-2106 | yeqifu warehouse Notice Management NoticeController.java batchDeleteNotice improper authorization — warehouse | 6.3 | Medium | 2026-02-07 |
| CVE-2026-2105 | yeqifu warehouse Department Management DeptController.java deleteDept improper authorization — warehouse | 6.3 | Medium | 2026-02-07 |
| CVE-2026-2079 | yeqifu warehouse Menu Management MenuController.java deleteMenu improper authorization — warehouse | 6.3 | Medium | 2026-02-07 |
| CVE-2026-2078 | yeqifu warehouse Permission Management PermissionController.java deletePermission improper authorization — warehouse | 6.3 | Medium | 2026-02-07 |
| CVE-2026-2077 | yeqifu warehouse Role Management RoleController.java deleteRole improper authorization — warehouse | 6.3 | Medium | 2026-02-07 |
| CVE-2026-2076 | yeqifu warehouse User Management Endpoint UserController.java deleteUser improper authorization — warehouse | 6.3 | Medium | 2026-02-07 |
| CVE-2026-2015 | Portabilis i-Educar Final Status Import FinalStatusImportService.php improper authorization — i-Educar | 6.3 | Medium | 2026-02-06 |
| CVE-2026-2010 | Sanluan PublicCMS Trade Payment TradePaymentService.java paid improper authorization — PublicCMS | 4.2 | Medium | 2026-02-06 |
| CVE-2026-23623 | Collabora Online vulnerable to Authorization Bypass — online | 5.3 | Medium | 2026-02-05 |
| CVE-2026-1894 | WeKan REST API checklistItems.js Checklist REST Bleed improper authorization — WeKan | 6.3 | Medium | 2026-02-04 |
| CVE-2026-1892 | WeKan REST API boards.js setBoardOrgs improper authorization — WeKan | 5.0 | Medium | 2026-02-04 |
| CVE-2026-1733 | Zhong Bang CRMEB :uni tidyOrder improper authorization — CRMEB | 4.3 | Medium | 2026-02-01 |
| CVE-2026-1702 | SourceCodester Pet Grooming Management Software User Management user.php improper authorization — Pet Grooming Management Software | 6.3 | Medium | 2026-01-30 |
| CVE-2026-1597 | Bdtask SalesERP Administrative Endpoint improper authorization — SalesERP | 6.3 | Medium | 2026-01-29 |
| CVE-2026-1550 | PHPGurukul Hospital Management System Admin Dashboard adminviews.py improper authorization — Hospital Management System | 6.3 | Medium | 2026-01-28 |
| CVE-2026-24835 | Podman Desktop Extension System Vulnerable to Authentication Bypass — podman-desktop | 9.8 (AI) | Critical (AI) | 2026-01-28 |
| CVE-2025-59100 | Unauthenticated Access to the SQLite Database in dormakaba access manager — Access Manager 92xx-k5 | 9.8 (AI) | Critical (AI) | 2026-01-26 |

967 CVEs are classified as CWE-285 (Improper Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.