CWE-285 (Improper Authorization) — Vulnerability Class 967

967 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-24305 | Azure Entra ID Elevation of Privilege Vulnerability — Microsoft Entra | 9.3 | Critical | 2026-01-22 |
| CVE-2026-22022 | Apache Solr: Unauthorized bypass of certain "predefined permission" rules in the RuleBasedAuthorizationPlugin — Apache Solr | 9.8 AI | Critical AI | 2026-01-21 |
| CVE-2025-14348 | weMail <= 2.0.7 - Insufficient Authorization via x-wemail-user Header to Sensitive Information Disclosure — weMail: Email Marketing, Email Automation, Newsletters, Subscribers & Email Optins for WooCommerce | 5.3 | Medium | 2026-01-20 |
| CVE-2026-1193 | MineAdmin View view improper authorization — MineAdmin | 6.3 | Medium | 2026-01-19 |
| CVE-2026-1141 | PHPGurukul News Portal Add Sub-Admin add-subadmins.php improper authorization — News Portal | 6.3 | Medium | 2026-01-19 |
| CVE-2026-1112 | Sanluan PublicCMS Trade Address Deletion Endpoint TradeAddressController.java delete improper authorization — PublicCMS | 5.4 | Medium | 2026-01-18 |
| CVE-2026-1106 | Chamilo LMS Legal Consent SocialController.php deleteLegal improper authorization — LMS | 5.4 | Medium | 2026-01-18 |
| CVE-2026-20960 | PowerApps Desktop Client Remote Code Execution Vulnerability — Microsoft Power Apps Desktop Client | 8.0 | High | 2026-01-16 |
| CVE-2026-22252 | LibreChat MCP Stdio Remote Command Execution — LibreChat | 9.1 | Critical | 2026-01-12 |
| CVE-2025-67603 | Lack of client authorization allows arbitrary users to influence the firewall configuration — Foomuuri | 5.3 | - | 2026-01-08 |
| CVE-2026-22042 | RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation — rustfs | 8.8 | - | 2026-01-08 |
| CVE-2025-12958 | Rankology SEO and Analytics Tool <= 2.0 - Incorrect Authorization to Authenticated (Editor+) Header & Footer Code Creation — Rankology SEO and Analytics Tool | 2.7 | Low | 2026-01-07 |
| CVE-2025-9294 | Quiz And Survey Master <= 10.3.1 - Missing Authorization to Authenticated (Subscriber+) Quiz Results Deletion — Quiz and Survey Master (QSM) – Easy Quiz and Survey Maker | 4.3 | Medium | 2026-01-06 |
| CVE-2025-61781 | GraphQL IDOR allows authenticated user to delete workspace content of other users — opencti | 7.1 | High | 2026-01-05 |
| CVE-2026-0574 | yeqifu warehouse Request UserController.java saveUserRole improper authorization — warehouse | 6.3 | Medium | 2026-01-04 |
| CVE-2025-15213 | code-projects Student File Management System File Download download.php improper authorization — Student File Management System | 4.3 | Medium | 2025-12-30 |
| CVE-2025-15126 | JeecgBoot getPositionUserList improper authorization — JeecgBoot | 3.1 | Low | 2025-12-28 |
| CVE-2025-15125 | JeecgBoot queryDepartPermission improper authorization — JeecgBoot | 3.1 | Low | 2025-12-28 |
| CVE-2025-15124 | JeecgBoot list getParameterMap improper authorization — JeecgBoot | 3.1 | Low | 2025-12-28 |
| CVE-2025-15123 | JeecgBoot datarule improper authorization — JeecgBoot | 3.1 | Low | 2025-12-28 |
| CVE-2025-15122 | JeecgBoot datarule loadDatarule improper authorization — JeecgBoot | 3.1 | Low | 2025-12-28 |
| CVE-2025-15120 | JeecgBoot getDeptRoleList improper authorization — JeecgBoot | 3.1 | Low | 2025-12-28 |
| CVE-2025-15119 | JeecgBoot list queryPageList improper authorization — JeecgBoot | 3.1 | Low | 2025-12-28 |
| CVE-2025-15118 | macrozheng mall Member Endpoint update improper authorization — mall | 4.3 | Medium | 2025-12-28 |
| CVE-2025-15106 | getmaxun Authentication Endpoint auth.ts router.get improper authorization — maxun | 6.3 | Medium | 2025-12-27 |
| CVE-2025-15087 | youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization — youlai-mall | 4.3 | Medium | 2025-12-25 |
| CVE-2025-15085 | youlaitech youlai-mall Balance MemberController.java deductBalance improper authorization — youlai-mall | 4.3 | Medium | 2025-12-25 |
| CVE-2025-68481 | FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO — fastapi-users | 5.9 | Medium | 2025-12-19 |
| CVE-2025-14546 | FastAPI SSO security vulnerability — fastapi-sso | 6.3 | Medium | 2025-12-19 |
| CVE-2025-65041 | Microsoft Partner Center Elevation of Privilege Vulnerability — Microsoft Partner Center | 10.0 | Critical | 2025-12-18 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 967 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.