CWE-862 (Missing Authorization) — Vulnerability Class 5525

5525 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-30889 | Discourse has Unauthorized Post Data Exposure in discourse-user-notes — discourse | 4.3 | - | 2026-03-20 |
| CVE-2026-32817 | Admidio is Missing Authorization and CSRF Protection on Document and Folder Deletion — admidio | 9.1 | Critical | 2026-03-20 |
| CVE-2026-32818 | Admidio is Missing Authorization on Forum Topic and Post Deletion — admidio | 6.5 | Medium | 2026-03-19 |
| CVE-2026-33408 | Discourse has Improper Authorization in "Post Edits" Report For Moderators — discourse | 2.2 | Low | 2026-03-19 |
| CVE-2026-29072 | Discourse missing permission check for policy creation in discourse-policy — discourse | 4.3 | - | 2026-03-19 |
| CVE-2026-32622 | SQLBot: Remote Code Execution via Terminology Poisoning — SQLBot | 8.8 | - | 2026-03-19 |
| CVE-2026-27491 | Discourse has a bypass of official warnings messages by non-staff users — discourse | 4.3 | - | 2026-03-19 |
| CVE-2026-27454 | Discourse has check revision visibility on posts endpoint — discourse | 5.3 | Medium | 2026-03-19 |
| CVE-2026-26939 | Missing Authorization in Kibana Leading to Unauthorized Endpoint Response Action Configuration — Kibana | 6.5 | Medium | 2026-03-19 |
| CVE-2026-25443 | WordPress Fraud Prevention For Woocommerce plugin <= 2.3.3 - Arbitrary Content Deletion vulnerability — Fraud Prevention For Woocommerce | 7.5 | High | 2026-03-19 |
| CVE-2026-3475 | Instant Popup Builder <= 1.1.7 - Unauthenticated Arbitrary Shortcode Execution via 'token' Parameter — Instant Popup Builder – Powerful Popup Maker for Opt-ins, Email Newsletters & Lead Generation | 5.3 | Medium | 2026-03-19 |
| CVE-2026-25312 | WordPress EventPrime plugin <= 4.2.8.3 - Payment Bypass vulnerability — EventPrime | 7.1 | - | 2026-03-19 |
| CVE-2026-27091 | WordPress UiPress lite plugin <= 3.5.09 - Broken Access Control vulnerability — UiPress lite | 6.3 | Medium | 2026-03-19 |
| CVE-2026-28070 | WordPress WP eMember plugin <= v10.2.2 - Broken Access Control vulnerability — WP eMember | 5.3 | Medium | 2026-03-19 |
| CVE-2026-32736 | Hytale Modding Wiki has Insecure Direct Object Reference / GDPR PII Exposure — wiki | 4.3 | Medium | 2026-03-18 |
| CVE-2026-2992 | KiviCare <= 4.1.2 - Missing Authorization to Unauthenticated Privilege Escalation via Setup Wizard — KiviCare – Clinic & Patient Management System (EHR) | 8.2 | High | 2026-03-18 |
| CVE-2026-2559 | Post SMTP <= 3.8.0 - Missing Authorization to Authenticated (Subscriber+) Office 365 OAuth Configuration Overwrite — Post SMTP – Complete Email Deliverability and SMTP Solution with Email Logs, Alerts, Backup SMTP & Mobile App | 5.3 | Medium | 2026-03-18 |
| CVE-2026-32565 | WordPress Contextual Related Posts plugin < 4.2.2 - Broken Access Control vulnerability — Contextual Related Posts | 8.1 | - | 2026-03-18 |
| CVE-2026-1217 | Yoast Duplicate Post <= 4.5 - Authenticated (Contributor+) Missing Authorization to Arbitrary Post Duplication and Overwrite — Yoast Duplicate Post | 5.4 | Medium | 2026-03-18 |
| CVE-2026-32268 | Azure Blob Storage for Craft CMS Potential Sensitive Information Disclosure vulnerability — azure-blob | 4.3 | - | 2026-03-18 |
| CVE-2026-1926 | Subscriptions for WooCommerce <= 1.9.2 - Missing Authorization to Unauthenticated Arbitrary Subscription Cancellation — Subscriptions for WooCommerce | 5.3 | Medium | 2026-03-18 |
| CVE-2026-4064 | Devolutions PowerShell Universal security vulnerability — PowerShell Universal | 8.8 (AI) | High (AI) | 2026-03-17 |
| CVE-2026-30911 | Apache Airflow: Execution API HITL Endpoints Missing Per-Task Authorization — Apache Airflow | 8.1 (AI) | High (AI) | 2026-03-17 |
| CVE-2026-4202 | Broken Access Control in extension "Redirect Tab" — Extension "Redirect Tabs" | 5.4 (AI) | Medium (AI) | 2026-03-17 |
| CVE-2026-32586 | WordPress Booster for WooCommerce plugin < 7.11.3 - Broken Access Control vulnerability — Booster for WooCommerce | 8.1 (AI) | High (AI) | 2026-03-17 |
| CVE-2026-2373 | Royal Addons for Elementor – Addons and Templates Kit for Elementor <= 1.7.1049 - Missing Authorization to Unauthenticated Custom Post Type Contents Exposure — Royal Addons for Elementor – Addons and Templates Kit for Elementor | 5.3 | Medium | 2026-03-17 |
| CVE-2026-32587 | WordPress WP EasyPay plugin <= 4.2.11 - Broken Access Control vulnerability — WP EasyPay | 8.2 (AI) | High (AI) | 2026-03-16 |
| CVE-2026-32583 | WordPress Modern Events Calendar plugin <= 7.29.0 - Broken Access Control vulnerability — Modern Events Calendar | 5.3 | Medium | 2026-03-16 |
| CVE-2026-2458 | Unauthorized channel enumeration in private teams after member removal — Mattermost | 4.3 | Medium | 2026-03-16 |
| CVE-2026-2463 | Unauthorized access to invite ID during team creation — Mattermost | 4.3 | Medium | 2026-03-16 |

5525 CVEs are classified as CWE-862 (Missing Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.