CWE-285 (Improper Authorization) — Vulnerability Class 967

967 vulnerabilities classified as CWE-285 (Improper Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-14889 | Campcodes Advanced Voting Management System Password voters_edit.php improper authorization — Advanced Voting Management System | 5.4 | Medium | 2025-12-18 |
| CVE-2023-53895 | PimpMyLog 1.7.14 Improper Access Control via Account Creation Endpoint — PimpMyLog | 9.8 | Critical | 2025-12-16 |
| CVE-2025-40830 | Siemens SINEC Security Monitor Authorization Issue Vulnerability — SINEC Security Monitor | 6.7 | Medium | 2025-12-09 |
| CVE-2025-14206 | SourceCodester Online Student Clearance System Fee Table delete-fee.php improper authorization — Online Student Clearance System | 6.5 | Medium | 2025-12-08 |
| CVE-2025-12720 | g-FFL Cockpit <= 1.7.1 - Improper Authorization to Unauthenticated Product Deletion — g-FFL Cockpit | 5.3 | Medium | 2025-12-06 |
| CVE-2025-12505 | weDocs <= 2.1.14 - Missing Authorization to Settings Update — weDocs: AI Powered Knowledge Base, Docs, Documentation, Wiki & AI Chatbot | 5.4 | Medium | 2025-12-06 |
| CVE-2025-14089 | Himool ERP AdminActionViewSet update_account improper authorization — ERP | 6.3 | Medium | 2025-12-05 |
| CVE-2025-14088 | ketr JEPaaS load improper authorization — JEPaaS | 6.3 | Medium | 2025-12-05 |
| CVE-2025-14016 | macrozheng mall-swarm delete improper authorization — mall-swarm | 5.4 | Medium | 2025-12-04 |
| CVE-2025-66301 | Grav has Broken Access Control which allows an Editor to modify the page's YAML Frontmatter to alter form processing actions — grav | 4.3 (AI) | Medium (AI) | 2025-12-01 |
| CVE-2025-13808 | orionsec orion-ops User Profile UserController.java update improper authorization — orion-ops | 7.3 | High | 2025-12-01 |
| CVE-2025-13807 | orionsec orion-ops API MachineKeyController.java MachineKeyController improper authorization — orion-ops | 4.3 | Medium | 2025-12-01 |
| CVE-2025-13806 | nutzam NutzBoot Transaction API EthModule.java improper authorization — NutzBoot | 7.3 | High | 2025-12-01 |
| CVE-2025-66291 | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Interview Attachments — orangehrm | 6.5 | - | 2025-11-29 |
| CVE-2025-66290 | OrangeHRM is Vulnerable to Improper Authorization Allowing Unauthorized Access to Candidate Attachments — orangehrm | 6.5 | - | 2025-11-29 |
| CVE-2025-65966 | OneUptime Unauthorized User Creation via API — oneuptime | 4.3 (AI) | Medium (AI) | 2025-11-26 |
| CVE-2025-13576 | code-projects Blog Site admin.php improper authorization — Blog Site | 6.3 | Medium | 2025-11-24 |
| CVE-2025-11815 | UiPress lite \| Effortless custom dashboards, admin themes and pages <= 3.5.08 - Missing Authorization to Authenticated (Subscriber+) Plugin Settings Update — UiPress lite \| Effortless custom dashboards, admin themes and pages | 4.3 | Medium | 2025-11-21 |
| CVE-2025-64751 | OpenFGA Improper Policy Enforcement — openfga | 9.8 | - | 2025-11-21 |
| CVE-2025-64655 | Dynamics OmniChannel SDK Storage Containers Elevation of Privilege Vulnerability — Dynamics OmniChannel SDK Storage Containers | 8.8 | High | 2025-11-20 |
| CVE-2025-65033 | Rallly Broken Authorization: Any User Can Pause or Resume Any Poll via Poll ID Manipulation — rallly | 8.1 | High | 2025-11-19 |
| CVE-2025-65031 | Rallly Improper Authorization in Comment Endpoint Allows User Impersonation — rallly | 6.5 | Medium | 2025-11-19 |
| CVE-2025-65030 | Rallly Improper Authorization in Comment Deletion Endpoint Allows Unauthorized Comment Removal — rallly | 7.1 | High | 2025-11-19 |
| CVE-2025-65029 | Rallly Has an IDOR Vulnerability in Participant Deletion Endpoint Allows Unauthorized Removal of Poll Participants — rallly | 8.1 | High | 2025-11-19 |
| CVE-2025-65021 | Rallly Has Unauthorized Poll Finalization via Insecure Direct Object Reference (IDOR) — rallly | 9.1 | Critical | 2025-11-19 |
| CVE-2025-65020 | Rallly Has Unauthorized Poll Duplication via Insecure Direct Object Reference (IDOR) — rallly | 6.5 | Medium | 2025-11-19 |
| CVE-2025-65028 | Rallly Has an IDOR Vulnerability in Vote Update Endpoint Allows Unauthorized Manipulation of Participant Votes — rallly | 6.5 | Medium | 2025-11-19 |
| CVE-2025-13085 | SiteSEO – SEO Simplified <= 1.3.2 - Insecure Direct Object Reference to Sensitive Post Meta Disclosure — SiteSEO – SEO Simplified | 4.3 | Medium | 2025-11-19 |
| CVE-2025-12814 | SiteSEO – SEO Simplified <= 1.3.2 - Improper Authorization to Authenticated Settings Reset — SiteSEO – SEO Simplified | 5.3 | Medium | 2025-11-19 |
| CVE-2025-12777 | YITH WooCommerce Wishlist <= 4.10.0 - Unauthenticated Wishlist Token Disclosure to Wishlist Item Deletion — YITH WooCommerce Wishlist | 5.3 | Medium | 2025-11-19 |

Vulnerabilities classified as CWE-285 (Improper Authorization) represent 967 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.