CWE-862 (Missing Authorization) — Vulnerability Class 5525

5525 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-3351 | Authorization Bypass in LXD GET /1.0/certificates Endpoint — lxd | 4.3 AI | Medium AI | 2026-03-03 |
| CVE-2026-1336 | AI ChatBot with ChatGPT and Content Generator by AYS <= 2.7.5 - Missing Authorization to Unauthenticated API Key Modification — AI ChatBot with ChatGPT and Content Generator by AYS | 5.3 | Medium | 2026-03-02 |
| CVE-2026-3432 | Sim Studio AI - Unauthenticated OAuth Token Theft — sim | 7.5 AI | High AI | 2026-03-02 |
| CVE-2026-3431 | Sim Studio AI - MongoDB SSRF and Arbitrary Document Deletion — sim | 9.8 | Critical | 2026-03-02 |
| CVE-2026-28557 | wpForo Forum 2.4.14 Privilege Escalation via Role Synchronization Handler — wpForo Forum | 6.5 | Medium | 2026-02-28 |
| CVE-2026-28556 | wpForo Forum 2.4.14 Missing Authorization via Topic Management Form Handlers — wpForo Forum | 5.4 | Medium | 2026-02-28 |
| CVE-2026-28555 | wpForo Forum 2.4.14 Missing Authorization via Topic Close AJAX Handler — wpForo Forum | 4.3 | Medium | 2026-02-28 |
| CVE-2026-28554 | wpForo Forum 2.4.14 Missing Authorization via Post Approval AJAX Handler — wpForo Forum | 4.3 | Medium | 2026-02-28 |
| CVE-2026-28424 | Statamic's missing authorization allows access to email addresses — cms | 6.5 | Medium | 2026-02-27 |
| CVE-2026-28515 | openDCIM <= 23.04 Missing Authorization in install.php — openDCIM | 8.8 | - | 2026-02-27 |
| CVE-2026-28408 | WeGIA lacks authentication verification in adicionar_tipo_docs_atendido.php — WeGIA | 9.8 | Critical | 2026-02-27 |
| CVE-2026-27836 | phpMyFAQ Allows Unauthenticated Account Creation via WebAuthn Prepare Endpoint — phpMyFAQ | 7.5 | High | 2026-02-27 |
| CVE-2026-27792 | Seerr missing authentication on pushSubscription endpoints — seerr | 5.4 | Medium | 2026-02-27 |
| CVE-2026-28217 | IDOR in GraphQL userCollection Query Exposes Other Users' Private Collections — hoppscotch | 6.5 | Medium | 2026-02-26 |
| CVE-2026-27638 | ActualBudget missing authorization in sync endpoints allows cross-user budget file access in multi-user mode — actual | 8.1 AI | High AI | 2026-02-26 |
| CVE-2026-27457 | Weblate: Missing access control for the AddonViewSet API exposes all addon configurations — weblate | 4.3 | Medium | 2026-02-26 |
| CVE-2026-27151 | Discourse doesn't validate destination topic when moving posts — discourse | 4.3 AI | Medium AI | 2026-02-26 |
| CVE-2026-27150 | Discourse doesn't ensure guardian check when creating QueryGroupBookmark — discourse | 4.3 AI | Medium AI | 2026-02-26 |
| CVE-2026-27021 | Discourse: Poll voters endpoint lacked post visibility checks — discourse | 5.3 AI | Medium AI | 2026-02-26 |
| CVE-2026-26979 | Discourse: TL4 users are able to change status of restricted topics — discourse | 5.4 AI | Medium AI | 2026-02-26 |
| CVE-2026-26207 | Discourse's discourse-policy plugin lacks post access check — discourse | 5.4 | Medium | 2026-02-26 |
| CVE-2026-24004 | Fleet: Unauthenticated Android device disenrollment vulnerability via Pub/Sub endpoint — fleet | 8.2 AI | High AI | 2026-02-26 |
| CVE-2026-27954 | LiveHelperChat has department-level authorization bypass in holdaction, blockuser, and transferchat endpoints — livehelperchat | 8.8 AI | High AI | 2026-02-26 |
| CVE-2026-27946 | ZITADEL Users Can Self-Verify Email/Phone via UpdateHumanUser API — zitadel | 4.3 AI | Medium AI | 2026-02-26 |
| CVE-2025-14103 | Missing Authorization in GitLab — GitLab | 4.3 | Medium | 2026-02-25 |
| CVE-2026-25164 | OpenEMR's Document and Insurance REST Endpoints Skip ACL — openemr | 8.1 | High | 2026-02-25 |
| CVE-2026-28195 | JetBrains TeamCity security vulnerability — TeamCity | 4.3 | Medium | 2026-02-25 |
| CVE-2026-28193 | JetBrains YouTrack security vulnerability — YouTrack | 8.8 | High | 2026-02-25 |
| CVE-2026-26104 | Udisks: missing authorization check allows unprivileged users to back up luks headers via udisks d-bus api — Red Hat Enterprise Linux 10 | 5.5 | Medium | 2026-02-25 |
| CVE-2026-26103 | Udisks: missing authorization check allows unprivileged users to restore luks headers via udisks d-bus api — Red Hat Enterprise Linux 10 | 7.1 | High | 2026-02-25 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5525 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.