CWE-862 (Missing Authorization) — Vulnerability Class 5525

5525 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-3226 | LearnPress <= 4.3.2.8 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Email Notification Triggering — LearnPress – WordPress LMS Plugin for Create and Sell Online Courses | 4.3 | Medium | 2026-03-12 |
| CVE-2026-32126 | OpenEMR: Inverted ACL Condition in CDR ControllerRouter Allows Any Authenticated User to Modify/Delete Clinical Rules and Plans — openemr | 7.1 | High | 2026-03-11 |
| CVE-2026-32122 | OpenEMR: Missing Authorization on Claim File Tracker UI and AJAX Endpoint (V2) — openemr | 4.3 | Medium | 2026-03-11 |
| CVE-2025-12704 | Missing Authorization in GitLab — GitLab | 3.5 | Low | 2026-03-11 |
| CVE-2026-1663 | Missing Authorization in GitLab — GitLab | 4.3 | Medium | 2026-03-11 |
| CVE-2026-3906 | WordPress 6.9 - 6.9.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Note Creation via REST API — WordPress | 4.3 | Medium | 2026-03-11 |
| CVE-2026-1781 | MC4WP: Mailchimp for WordPress <= 4.11.1 - Missing Authorization to Unauthenticated Arbitrary Subscription Deletion — MC4WP: Mailchimp for WordPress | 6.5 | Medium | 2026-03-11 |
| CVE-2026-31821 | Sylius is Missing Authorization in API v2 Add Item Endpoint — Sylius | 5.3 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-31800 | Parse Server: Classes `_GraphQLConfig` and `_Audience` master key bypass via generic class routes — parse-server | 9.8 (AI) | Critical (AI) | 2026-03-10 |
| CVE-2026-3582 | Incorrect Authorization in GitHub Enterprise Server allows access to issue and commit search results without repo scope — Enterprise Server | 6.5 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-30970 | Session authentication bypass in Coral Server session creation endpoint — coral-server | 8.2 (AI) | High (AI) | 2026-03-10 |
| CVE-2026-30968 | Coral Server has insufficient validation of agent identity for SSE connections — coral-server | 6.5 (AI) | Medium (AI) | 2026-03-10 |
| CVE-2026-27688 | Missing Authorization check in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAP | 5.0 | Medium | 2026-03-10 |
| CVE-2026-27687 | Missing Authorization check in SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal — SAP S/4HANA HCM Portugal and SAP ERP HCM Portugal | 5.8 | Medium | 2026-03-10 |
| CVE-2026-27686 | Missing Authorization check in SAP Business Warehouse (Service API) — SAP Business Warehouse (Service API) | 5.9 | Medium | 2026-03-10 |
| CVE-2026-24313 | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) — SAP Solution Tools Plug-In (ST-PI) | 5.0 | Medium | 2026-03-10 |
| CVE-2026-24310 | Missing Authorization check in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAP | 3.5 | Low | 2026-03-10 |
| CVE-2026-24309 | Missing Authorization check in SAP NetWeaver Application Server for ABAP — SAP NetWeaver Application Server for ABAP | 6.4 | Medium | 2026-03-10 |
| CVE-2025-11158 | Hitachi Vantara Pentaho Data Integration & Analytics - Missing Authorization — Pentaho Data Integration and Analytics | 9.1 | Critical | 2026-03-09 |
| CVE-2026-25045 | Budibase Critical Privilege Escalation & IDOR via Missing RBAC on User Role Management (Creator-Role) — budibase | 8.8 (AI) | High (AI) | 2026-03-09 |
| CVE-2026-3638 | Devolutions Server security vulnerability — Server | 6.5 (AI) | Medium (AI) | 2026-03-09 |
| CVE-2025-41765 | Unchecked role in wwwupload.cgi — UBR-01 Mk II | 9.1 | Critical | 2026-03-09 |
| CVE-2025-41764 | Unchecked role in wwwupdate.cgi — UBR-01 Mk II | 9.1 | Critical | 2026-03-09 |
| CVE-2026-30850 | Parse Server: File metadata endpoint bypasses `beforeFind` / `afterFind` trigger authorization — parse-server | 5.3 | - | 2026-03-07 |
| CVE-2026-30842 | Wallos: Authenticated Missing Authorization Allows Deletion of Other Users’ Uploaded Avatars — Wallos | 4.3 | Medium | 2026-03-07 |
| CVE-2026-1650 | MDJM Event Management <= 1.7.8.1 - Missing Authorization to Unauthenticated Arbitrary Custom Event Field Deletion — MDJM Event Management | 5.3 | Medium | 2026-03-07 |
| CVE-2026-2488 | ProfileGrid <= 5.9.8.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Message Deletion — ProfileGrid – User Profiles, Groups and Communities | 4.3 | Medium | 2026-03-07 |
| CVE-2026-1981 | Winston AI <= 0.0.3 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Plugin Settings Deletion — HUMN-1 AI Website Scanner & Human Certification by Winston AI | 4.3 | Medium | 2026-03-06 |
| CVE-2026-2371 | Greenshift <= 12.8.3 - Missing Authorization to Unauthenticated Private Reusable Block Disclosure via 'gspb_el_reusable_load' — Greenshift – animation and page builder blocks | 5.3 | Medium | 2026-03-06 |
| CVE-2026-29789 | Vito: Cross-project privilege escalation in workflow site-creation actions allows unauthorized server modification — vito | 10.0 | Critical | 2026-03-06 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5525 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.