CWE-862 (Missing Authorization) — Vulnerability Class 5531

5531 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-21416 | Azure Virtual Desktop Elevation of Privilege Vulnerability — Azure Virtual Desktop | 8.5 | High | 2025-04-30 |
| CVE-2025-32973 | org.xwiki.platform:xwiki-platform-component-wiki provides no warning when granting XWiki.ComponentClass programming right — xwiki-platform | 9.1 | Critical | 2025-04-30 |
| CVE-2025-3953 | WP Statistics – The Most Popular Privacy-Friendly Analytics Plugin <= 14.13.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Update — WP Statistics – Simple, privacy-friendly Google Analytics alternative | 5.4 | Medium | 2025-04-30 |
| CVE-2025-4095 | Registry Access Management (RAM) policies not applied when sign-in enforcement is configured via a configuration profile — Docker Desktop | 6.1 (AI) | Medium (AI) | 2025-04-29 |
| CVE-2025-3452 | SecuPress Free <= 2.3.9 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Installation — SecuPress with Simple SSL – Simple and Performant Security | 4.3 | Medium | 2025-04-29 |
| CVE-2025-39367 | WordPress Kleo theme < 5.4.4 - Broken Access Control vulnerability — Kleo | 5.3 | Medium | 2025-04-28 |
| CVE-2025-3963 | withstars Books-Management-System Background Interface list authorization — Books-Management-System | 7.3 | High | 2025-04-27 |
| CVE-2025-3960 | withstars Books-Management-System Background Interface allreaders.html authorization — Books-Management-System | 7.3 | High | 2025-04-27 |
| CVE-2025-3915 | Aeropage Sync for Airtable <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion — Aeropage Sync for Airtable | 4.3 | Medium | 2025-04-26 |
| CVE-2025-3906 | Integração entre Eduzz e Woocommerce 1.5.0 - 1.7.5 - Missing Authorization to Authenticated (Subscriber+) Privilege Escalation — Integração entre Eduzz e Woocommerce | 8.8 | High | 2025-04-26 |
| CVE-2025-32045 | Moodle: hidden grades shown to users without permission on some grade reports | 5.3 | Medium | 2025-04-25 |
| CVE-2025-3912 | WS Form LITE – Drag & Drop Contact Form Builder for WordPress <= 1.10.35 - Missing Authorization to Unauthenticated Sensitive Information Exposure — WS Form LITE – Drag & Drop Contact Form Builder | 5.3 | Medium | 2025-04-25 |
| CVE-2025-1279 | BM Content Builder <= 3.16.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Options Update — BM Content Builder | 8.8 | High | 2025-04-25 |
| CVE-2025-46535 | WordPress Custom Login and Registration plugin <= 1.0.0 - Broken Access Control vulnerability — Custom Login and Registration | 5.4 | Medium | 2025-04-25 |
| CVE-2025-46519 | WordPress Media Library Downloader plugin <= 1.3.1 - Broken Access Control Vulnerability — Media Library Downloader | 4.3 | Medium | 2025-04-24 |
| CVE-2025-46489 | WordPress Bulk Assign Linked Products For WooCommerce plugin <= 2.1 - Broken Access Control Vulnerability — Bulk Assign Linked Products For WooCommerce | 5.3 | Medium | 2025-04-24 |
| CVE-2025-46485 | WordPress WP Customize Login Page plugin <= 1.6.5 - Broken Access Control Vulnerability — WP Customize Login Page | 5.3 | Medium | 2025-04-24 |
| CVE-2025-46470 | WordPress Smart Hashtags [#hashtagger] plugin <= 7.2.3 - Broken Access Control Vulnerability — Smart Hashtags [#hashtagger] | 4.3 | Medium | 2025-04-24 |
| CVE-2025-39385 | WordPress Sirat theme <= 1.5.1 - Broken Access Control vulnerability — Sirat | 4.3 | Medium | 2025-04-24 |
| CVE-2025-39390 | WordPress Booking and Rental Manager plugin <= 2.3.6 - Broken Access Control vulnerability — Booking and Rental Manager | 5.3 | Medium | 2025-04-24 |
| CVE-2021-47662 | Unauthenticated remote shutdown of the cobot — Franka Emika Robot | 7.5 | High | 2025-04-24 |
| CVE-2024-13307 | Reales WP - Real Estate WordPress Theme <= 2.1.2 - Missing Authorization to Unauthenticated Attachment Deletion and Favorite Property Updates — Reales WP - Real Estate WordPress Theme | 5.3 | Medium | 2025-04-24 |
| CVE-2025-3604 | Flynax Bridge <= 2.2.0 - Unauthenticated Privilege Escalation via Account Takeover — Flynax Bridge | 9.8 | Critical | 2025-04-24 |
| CVE-2025-3058 | Xelion Webchat <= 9.1.0 - Authenticated (Subscriber+) Arbitrary Options Update — Xelion Webchat | 8.8 | High | 2025-04-24 |
| CVE-2024-12244 | Missing Authorization in GitLab — GitLab | 4.3 | Medium | 2025-04-24 |
| CVE-2025-1021 | Synology DiskStation Manager security vulnerability — DiskStation Manager (DSM) | 7.5 | High | 2025-04-23 |
| CVE-2025-46247 | WordPress Appointment Booking Calendar plugin <= 1.3.92 - Broken Access Control Vulnerability — Appointment Booking Calendar | 5.3 | Medium | 2025-04-22 |
| CVE-2025-46244 | WordPress Advanced Linked Variations for Woocommerce plugin <= 1.0.3 - Broken Access Control Vulnerability — Advanced Linked Variations for Woocommerce | 5.3 | Medium | 2025-04-22 |
| CVE-2025-46232 | WordPress Download Alt Text AI plugin <= 1.9.93 - Broken Access Control Vulnerability — Download Alt Text AI | 4.3 | Medium | 2025-04-22 |
| CVE-2025-2298 | Authenticated API Endpoint Allows Arbitrary File Deletion in Dremio Software — Dremio Software | 9.6 | - | 2025-04-21 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5531 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.