CWE-862 (Missing Authorization) — Vulnerability Class 5527

5527 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-1722 | WCFM Marketplace <= 3.7.0 - Insecure Direct Object Reference to Unauthenticated Arbitrary Refund Request Creation — WCFM Marketplace – Multivendor Marketplace for WooCommerce | 5.3 | Medium | 2026-02-10 |
| CVE-2026-24327 | Missing Authorization Check in SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application) — SAP Strategic Enterprise Management (Balanced Scorecard in BSP Application) | 4.3 | Medium | 2026-02-10 |
| CVE-2026-24326 | Missing authorization check in SAP S/4HANA Defense & Security (Disconnected Operations) — SAP S/4HANA Defense & Security (Disconnected Operations) | 4.3 | Medium | 2026-02-10 |
| CVE-2026-24322 | Missing Authorization check in SAP Solution Tools Plug-In (ST-PI) — SAP Solution Tools Plug-In (ST-PI) | 7.7 | High | 2026-02-10 |
| CVE-2026-24312 | Missing authorization check in SAP Business Workflow — SAP Business Workflow | 5.2 | Medium | 2026-02-10 |
| CVE-2026-23688 | Missing Authorization check in SAP Fiori App (Manage Service Entry Sheets - Lean Services) — SAP Fiori App (Manage Service Entry Sheets - Lean Services) | 4.3 | Medium | 2026-02-10 |
| CVE-2026-23681 | Missing Authorization check in a function module in SAP Support Tools Plug-In — SAP Support Tools Plug-In | 4.3 | Medium | 2026-02-10 |
| CVE-2026-0509 | Missing Authorization check in SAP NetWeaver Application Server ABAP and ABAP Platform — SAP NetWeaver Application Server ABAP and ABAP Platform | 9.6 | Critical | 2026-02-10 |
| CVE-2026-0490 | Denial of service (DOS) in SAP BusinessObjects BI Platform — SAP BusinessObjects BI Platform | 7.5 | High | 2026-02-10 |
| CVE-2026-0488 | Code Injection vulnerability in SAP CRM and SAP S/4HANA (Scripting Editor) — SAP CRM and SAP S/4HANA (Scripting Editor) | 9.9 | Critical | 2026-02-10 |
| CVE-2026-0486 | Missing Authorization Check in ABAP based SAP systems — ABAP based SAP systems | 5.0 | Medium | 2026-02-10 |
| CVE-2026-0845 | WCFM - WooCommerce Frontend Manager <= 6.7.24 - Authenticated (Shop Manager+) Arbitrary Options Update — WCFM – Frontend Manager for WooCommerce | 7.2 | High | 2026-02-09 |
| CVE-2026-25939 | FUXA Unauthenticated Remote Arbitrary Scheduler Write — FUXA | 9.3 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-25808 | Hollo DMs get leaked and can be seen on Webfinger Browser — hollo | 7.5 | High | 2026-02-09 |
| CVE-2026-25806 | PlaciPy has Missing Authorization Checks on Student Management Endpoints (IDOR) — assessment-placipy | 9.1 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-25810 | PlaciPy is Missing Object-Level Authorization in student.submission.routes.ts — assessment-placipy | 9.1 (AI) | Critical (AI) | 2026-02-09 |
| CVE-2026-25876 | PlaciPy is Missing Authorization on Assessment Results Endpoint — assessment-placipy | 7.5 (AI) | High (AI) | 2026-02-09 |
| CVE-2026-24777 | OpenProject has Improper Access Control on User Management allows user managers to lock admin accounts — openproject | 6.7 | Medium | 2026-02-09 |
| CVE-2026-24095 | Missing Permission Check on Analyze Configuration Page — Checkmk | 4.3 (AI) | Medium (AI) | 2026-02-09 |
| CVE-2026-2208 | WeKan Rules rules.js RulesBleed authorization — WeKan | 4.3 | Medium | 2026-02-08 |
| CVE-2025-15476 | The Bucketlister <= 0.1.5 - Missing Authorization to Authenticated (Subscriber+) Bucket List Modification — The Bucketlister | 4.3 | Medium | 2026-02-07 |
| CVE-2026-25752 | FUXA Unauthenticated Remote Arbitrary Device Tag Write — FUXA | 7.5 (AI) | High (AI) | 2026-02-06 |
| CVE-2026-23632 | Gogs user can update repository content with read-only permission — gogs | 6.5 | Medium | 2026-02-06 |
| CVE-2026-22592 | Gogs is Vulnerable to Denial of Service — gogs | 6.5 | Medium | 2026-02-06 |
| CVE-2026-1499 | WP Duplicate <= 1.1.8 - Authenticated (Subscriber+) Arbitrary File Upload via 'process_add_site' AJAX Action — WP Duplicate – WordPress Migration Plugin | 8.8 | High | 2026-02-06 |
| CVE-2025-10753 | OAuth Single Sign On – SSO (OAuth Client) <= 6.26.14 - Missing Authorization — OAuth Single Sign On – SSO (OAuth Client) | 5.3 | Medium | 2026-02-06 |
| CVE-2025-15326 | Tanium addressed an improper access controls vulnerability in Patch. — Patch | 4.3 | Medium | 2026-02-05 |
| CVE-2025-15327 | Tanium addressed an improper access controls vulnerability in Deploy. — Deploy | 4.3 | Medium | 2026-02-05 |
| CVE-2025-15330 | Tanium addressed an improper input validation vulnerability in Deploy. — Deploy | 8.8 | High | 2026-02-05 |
| CVE-2025-15289 | Tanium addressed an improper access controls vulnerability in Interact. — Interact | 3.1 | Low | 2026-02-05 |

Vulnerabilities classified as CWE-862 (Missing Authorization) represent 5527 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.