CWE-862 (Missing Authorization) — Vulnerability Class 5524

5524 vulnerabilities are classified as CWE-862 (Missing Authorization). AI-generated Chinese analysis is included for each entry.

| CVE ID | Title | Product | CVSS | Severity | Published |
|---|---|---|---|---|---|
| CVE-2026-40976 | Spring Boot 4.0.0-4.0.5 Default Web Security Failure Vulnerability | Spring Boot | 9.1 | Critical | 2026-04-27 |
| CVE-2026-41464 | ProjeQtor < 12.4.4 Missing Authorization via objectDetail.php | ProjeQtor | 6.5 | Medium | 2026-04-27 |
| CVE-2026-3569 | Liaison Site Prober <= 1.2.1 - Missing Authorization to Unauthenticated Information Exposure in '/logs' REST API Endpoint | Liaison Site Prober | 5.3 | Medium | 2026-04-24 |
| CVE-2025-11762 | HubSpot All-In-One Marketing - Forms, Popups, Live Chat <= 11.3.32 - Missing Authorization to Authenticated (Contributor+) Installed Plugin Disclosure | HubSpot All-In-One Marketing – Forms, Popups, Live Chat | 4.3 | Medium | 2026-04-24 |
| CVE-2026-5347 | WP Books Gallery <= 4.8.0 - Missing Authorization to Unauthenticated Settings Update via 'permalink_structure' Parameter | WP Books Gallery – Build Stunning Book Showcases & Libraries in Minutes | 5.3 | Medium | 2026-04-24 |
| CVE-2026-6393 | BetterDocs <= 4.3.11 - Missing Authorization to Authenticated (Subscriber+) Unauthorized AI API Usage | BetterDocs – Knowledge Base Docs & FAQ Solution for Elementor & Block Editor | 4.3 | Medium | 2026-04-24 |
| CVE-2026-5488 | ExactMetrics <= 9.1.2 - Authenticated (Subscriber+) Missing Authorization to Google Ads Access Token Retrieval via AJAX Action 'exactmetrics_ads_get_token' | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | 5.3 | Medium | 2026-04-24 |
| CVE-2026-40623 | SenseLive X3050 Missing Authorization | X3050 | 8.1 | High | 2026-04-23 |
| CVE-2026-41352 | OpenClaw < 2026.3.31 - Remote Code Execution via Node Scope Gate Bypass | OpenClaw | 8.8 | High | 2026-04-23 |
| CVE-2026-41349 | OpenClaw < 2026.3.28 - Agentic Consent Bypass via config.patch | OpenClaw | 8.8 | High | 2026-04-23 |
| CVE-2025-62104 | WordPress ACF Galerie 4 plugin <= 1.4.2 - Broken Access Control vulnerability | ACF Galerie 4 | 4.3 | Medium | 2026-04-23 |
| CVE-2026-5464 | ExactMetrics <= 9.1.2 - Authenticated (Editor+) Arbitrary Plugin Installation/Activation via exactmetrics_connect_process | ExactMetrics – Google Analytics Dashboard for WordPress (Website Stats Plugin) | 7.2 | High | 2026-04-23 |
| CVE-2026-41454 | WeKan < 8.35 Missing Authorization via Integration REST API | wekan | 8.3 | High | 2026-04-22 |
| CVE-2026-40937 | RustFS missing admin authorization on notification target endpoints, which allows unauthenticated configuration of event webhooks | rustfs | 8.3 | High | 2026-04-22 |
| CVE-2026-1930 | Emailchef <= 3.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion | Emailchef | 4.3 | Medium | 2026-04-22 |
| CVE-2026-4117 | CalJ <= 1.5 - Authenticated (Subscriber+) Arbitrary Settings Modification via 'save-obtained-key' Action | CalJ Shabbat Times | 5.3 | Medium | 2026-04-22 |
| CVE-2026-4119 | Create DB Tables <= 1.2.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Database Table Creation/Deletion via admin-post.php | Create DB Tables | 9.1 | Critical | 2026-04-22 |
| CVE-2026-6235 | Sendmachine for WordPress <= 1.0.20 - Unauthenticated SMTP Hijack to Privilege Escalation via manage_admin_requests | Sendmachine for WordPress | 9.8 | Critical | 2026-04-22 |
| CVE-2026-4128 | TP Restore Categories And Taxonomies <= 1.0.1 - Missing Authorization to Authenticated (Subscriber+) Taxonomy Deletion via 'tpmcattt_delete_term' AJAX Action | TP Restore Categories And Taxonomies | 4.3 | Medium | 2026-04-22 |
| CVE-2026-6834 | aEnrich\|a+HRD - Missing Authorization | a+HRD | 6.5 | Medium | 2026-04-22 |
| CVE-2026-41128 | Craft CMS has a Missing Authorization Check on User Group Removal via save-permissions Action | cms | 4.3 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-40870 | Decidim's comments API allows access to all commentable resources | decidim | 7.5 | High | 2026-04-21 |
| CVE-2026-41192 | FreeScout's client-controlled attachment IDs allow deletion of existing conversation attachments | freescout | 7.1 | High | 2026-04-21 |
| CVE-2026-40592 | FreeScout's cross-user undo reply allows mailbox peers to recall another agent's outbound reply | freescout | 5.9 | Medium | 2026-04-21 |
| CVE-2026-6703 | Responsive Blocks <= 2.2.1 - Missing Authorization to Authenticated (Contributor+) Arbitrary Modification via AJAX Actions | Responsive Blocks – Page Builder for Blocks & Patterns | 4.3 | Medium | 2026-04-21 |
| CVE-2026-41298 | OpenClaw < 2026.4.2 - Authorization Bypass in Session Termination Endpoint | OpenClaw | 5.4 | Medium | 2026-04-20 |
| CVE-2026-40098 | OpenMage LTS imports cross-user wishlist item via shared wishlist code, leading to private option disclosure and file-disclosure variant | magento-lts | 8.1 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-40349 | Authenticated Movary User Can Self-Escalate to Administrator via PUT /settings/users/{userId} by Setting isAdmin=true | movary | 8.8 | High | 2026-04-18 |
| CVE-2026-32648 | Anviz Products Missing Authorization | Anviz CX7 Firmware | 5.3 | Medium | 2026-04-17 |
| CVE-2026-35061 | Anviz Products Missing Authorization | Anviz CX7 Firmware | 5.3 | Medium | 2026-04-17 |

CVSS scores and severities marked "(AI)" are AI-estimated rather than vendor- or NVD-assigned.

Vulnerabilities classified as CWE-862 (Missing Authorization) account for 5524 CVEs. The CWE entry describes the weakness class only; review each CVE individually for product-specific impact.