CWE-862 (Missing Authorization) — Vulnerability Class

5527 vulnerabilities are classified as CWE-862 (Missing Authorization). AI-generated Chinese-language analysis is included for each entry.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-27769 | Connected Workspaces: Malicious remote server can manipulate arbitrary user's status | Mattermost | 2.7 | Low | 2026-04-15 |
| CVE-2026-3649 | Katalogportal-pdf-sync Widget <= 1.0.0 - Missing Authorization to Authenticated (Subscriber+) Information Disclosure via 'katalogportal_shortcodePrinter' AJAX Action | Katalogportal-pdf-sync Widget | 5.3 | Medium | 2026-04-15 |
| CVE-2026-3642 | e-shot <= 1.0.2 - Missing Authorization to Authenticated (Subscriber+) Form Settings Modification via AJAX | e-shot | 5.3 | Medium | 2026-04-15 |
| CVE-2026-4812 | Advanced Custom Fields (ACF®) <= 6.7.0 - Unauthenticated Missing Authorization to Arbitrary Post/Page Disclosure via AJAX Field Query Parameters | Advanced Custom Fields (ACF®) | 5.3 | Medium | 2026-04-15 |
| CVE-2026-1314 | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery <= 1.16.17 - Missing Authorization to Unauthenticated Private/Draft Flipbook Data Exposure | 3D FlipBook – PDF Embedder, PDF Flipbook Viewer, Flipbook Image Gallery | 5.3 | Medium | 2026-04-14 |
| CVE-2025-15565 | Nexi XPay <= 8.3.0 - Missing Authorization to Unauthenticated Order Status Modification | Nexi XPay | 5.3 | Medium | 2026-04-14 |
| CVE-2026-4109 | Eventin – Events Calendar, Event Booking, Ticket & Registration (AI Powered) <= 4.1.8 - Missing Authorization to Authenticated (Subscriber+) Order Information Exposure | Eventin – Event Calendar, Event Registration, Tickets & Booking (AI Powered) | 4.3 | Medium | 2026-04-14 |
| CVE-2026-4365 | LearnPress <= 4.3.2.8 - Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion | LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 9.1 | Critical | 2026-04-14 |
| CVE-2026-34261 | Missing Authorization check in SAP Business Analytics and SAP Content Management | SAP Business Analytics and SAP Content Management | 6.5 | Medium | 2026-04-14 |
| CVE-2026-34256 | Missing Authorization check in SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise) | SAP ERP and SAP S/4 HANA (Private Cloud and On-Premise) | 7.1 | High | 2026-04-14 |
| CVE-2026-27679 | Missing Authorization check in SAP S/4HANA Frontend OData Service (Manage Reference Structures) | SAP S/4HANA Frontend OData Service (Manage Reference Structures) | 6.5 | Medium | 2026-04-14 |
| CVE-2026-27678 | Missing Authorization check in SAP S/4HANA Backend OData Service (Manage Reference Structures) | SAP S/4HANA Backend OData Service (Manage Reference Structures) | 6.5 | Medium | 2026-04-14 |
| CVE-2026-27677 | Missing Authorization check in SAP S/4HANA OData Service (Manage Reference Equipment) | SAP S/4HANA OData Service (Manage Reference Equipment) | 6.5 | Medium | 2026-04-14 |
| CVE-2026-27676 | Missing Authorization check in SAP S/4HANA OData Service (Manage Technical Object Structures) | SAP S/4HANA OData Service (Manage Technical Object Structures) | 4.3 | Medium | 2026-04-14 |
| CVE-2026-27673 | Missing Authorization Check in SAP S/4HANA (Private Cloud and On-Premise) | SAP S/4HANA (Private Cloud and On-Premise) | 4.9 | Medium | 2026-04-14 |
| CVE-2026-27672 | Missing Authorization check in Material Master Application | Material Master Application | 4.3 | Medium | 2026-04-14 |
| CVE-2026-3358 | Tutor LMS <= 3.9.7 - Missing Authorization to Authenticated (Subscriber+) Unauthorized Private Course Enrollment | Tutor LMS – eLearning and online course solution | 5.4 | Medium | 2026-04-11 |
| CVE-2026-40189 | goshs has a file-based ACL authorization bypass in goshs state-changing routes | goshs | 9.8 | Critical | 2026-04-10 |
| CVE-2026-40185 | Missing Authorization on Immich Trip Photo Routes in TREK | TREK | 7.1 | High | 2026-04-10 |
| CVE-2026-33708 | Chamilo LMS has REST API PII Exposure via get_user_info_from_username | chamilo-lms | 6.5 | Medium | 2026-04-10 |
| CVE-2026-35598 | Vikunja has Missing Authorization on CalDAV Task Read | vikunja | 4.3 | Medium | 2026-04-10 |
| CVE-2026-35662 | OpenClaw < 2026.3.22 - Missing controlScope Enforcement in Send Action | OpenClaw | 4.3 | Medium | 2026-04-10 |
| CVE-2026-35660 | OpenClaw < 2026.3.23 - Insufficient Access Control in Gateway Agent Session Reset | OpenClaw | 8.1 | High | 2026-04-10 |
| CVE-2026-35621 | OpenClaw < 2026.3.24 - Privilege Escalation via chat.send to Allowlist Persistence | OpenClaw | 6.5 | Medium | 2026-04-10 |
| CVE-2026-35620 | OpenClaw < 2026.3.24 - Missing Authorization in /send and /allowlist Chat Commands | OpenClaw | 5.4 | Medium | 2026-04-10 |
| CVE-2026-4162 | Gravity SMTP <= 2.1.4 - Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall | Gravity SMTP | 7.1 | High | 2026-04-10 |
| CVE-2026-4977 | UsersWP <= 1.2.58 - Authenticated (Subscriber+) Restricted Usermeta Modification via 'htmlvar' Parameter | UsersWP – Front-end login form, User Registration, User Profile & Members Directory plugin for WP | 4.3 | Medium | 2026-04-10 |
| CVE-2026-4057 | Download Manager <= 3.3.51 - Missing Authorization to Authenticated (Contributor+) Media File Protection Removal | Download Manager | 4.3 | Medium | 2026-04-10 |
| CVE-2026-3360 | Tutor LMS <= 3.9.7 - Missing Authorization to Unauthenticated Arbitrary Billing Profile Overwrite via 'order_id' Parameter | Tutor LMS – eLearning and online course solution | 7.5 | High | 2026-04-10 |
| CVE-2026-33785 | Junos OS: MX Series: Missing Authorization for specific 'request' CLI commands in a JDM/CSDS scenario | Junos OS | 8.8 | High | 2026-04-09 |

CWE-862 (Missing Authorization) covers 5527 CVEs in this index. The CWE entry describes the weakness class, not any particular bug: the product performs an action or returns a resource without first checking that the requesting actor is authorized to do so. The titles above show the two forms it usually takes. In one, the check is absent entirely, so an unauthenticated request succeeds ("Missing Authorization to Unauthenticated Arbitrary Quiz Answer Deletion", "Unauthenticated Order Status Modification"). In the other, the check stops at login and never verifies the caller's role or ownership of the target object, so any low-privilege account can act on other users' data ("Missing Authorization to Authenticated (Subscriber+) Plugin Uninstall"). Review individual CVEs for product-specific impact; the CWE assignment says nothing about the exploitability or severity of a given entry.
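As an added illustration of the weakness class (a constructed example, not code from any product in the table above): a delete-answer action handler written without any authorization check, next to a hardened version that performs both the authentication check and the object-level ownership check. The data model, the role names "subscriber"/"admin", the capability names and the sample answers are assumptions chosen for the example.

```python
from dataclasses import dataclass
from typing import Dict, Optional

# Everything below is a constructed model for the example; it does not
# reproduce the code of any product listed on this page.


@dataclass(frozen=True)
class User:
    id: int
    role: str  # assumed role names: "subscriber" or "admin"


@dataclass
class QuizAnswer:
    id: int
    owner_id: int
    text: str


class AuthorizationError(Exception):
    """Raised by the hardened handler when the request is not permitted."""


# Assumed role -> capability map; a real application has its own capability system.
CAPABILITIES = {
    "subscriber": {"delete_own_answer"},
    "admin": {"delete_own_answer", "delete_any_answer"},
}

AnswerStore = Dict[int, QuizAnswer]


def seed_answers() -> AnswerStore:
    """Two answers owned by two different users (constructed sample data)."""
    return {
        101: QuizAnswer(101, owner_id=1, text="Paris"),
        102: QuizAnswer(102, owner_id=2, text="Berlin"),
    }


def delete_answer_vulnerable(store: AnswerStore, caller: Optional[User], answer_id: int) -> bool:
    """CWE-862 pattern: the handler acts on the id it was given and never asks
    who the caller is or whether the answer belongs to them. An anonymous
    request with a guessed answer_id removes any user's answer."""
    return store.pop(answer_id, None) is not None


def delete_answer_hardened(store: AnswerStore, caller: Optional[User], answer_id: int) -> bool:
    """The same action with the checks CWE-862 says are missing."""
    # 1. Authentication: anonymous callers never reach the action at all.
    if caller is None:
        raise AuthorizationError("authentication required")
    caps = CAPABILITIES.get(caller.role, set())
    # 2. Object-level authorization: load the target, then decide using both
    #    the caller's capability and the object's owner. "Not found" and
    #    "not permitted" share one error so the endpoint cannot be used to
    #    enumerate which answer_ids exist.
    answer = store.get(answer_id)
    allowed = answer is not None and (
        "delete_any_answer" in caps
        or ("delete_own_answer" in caps and answer.owner_id == caller.id)
    )
    if not allowed:
        raise AuthorizationError("answer not found or not permitted")
    del store[answer_id]
    return True


def demo() -> Dict[str, Dict[str, object]]:
    """Send the same four requests to delete answer 101 (owned by user 1)
    through both handlers, each against a fresh store, and report the outcome:
    True if the answer was deleted, "denied" if the handler refused."""
    requests = (
        ("anonymous", None),
        ("other_subscriber", User(2, "subscriber")),
        ("owner", User(1, "subscriber")),
        ("admin", User(3, "admin")),
    )
    handlers = (
        ("vulnerable", delete_answer_vulnerable),
        ("hardened", delete_answer_hardened),
    )
    results: Dict[str, Dict[str, object]] = {}
    for name, handler in handlers:
        outcome: Dict[str, object] = {}
        for label, caller in requests:
            try:
                outcome[label] = handler(seed_answers(), caller, 101)
            except AuthorizationError:
                outcome[label] = "denied"
        results[name] = outcome
    return results


if __name__ == "__main__":
    for name, outcome in demo().items():
        print(name, outcome)
```

Running it shows every caller succeeding against the vulnerable handler, while the hardened handler admits only the owner and the admin. The ownership comparison is the step most often skipped in the "Authenticated (Subscriber+)" entries above, and the authentication check is the step skipped in the "Unauthenticated" ones; the shared error message for missing and forbidden ids is the extra caveat a reviewer should look for, since a distinguishable "not found" turns the authorization check into an id oracle.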