CWE-862 (Missing Authorization) — Vulnerability Class 5527

5527 vulnerabilities classified as CWE-862 (Missing Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2026-35179 | WWBN AVideo Unauthenticated Instagram Graph API Proxy via publishInstagram.json.php — AVideo | 5.3 | Medium | 2026-04-06 |
| CVE-2026-35175 | Ajenti has an authorization bypass during custom package installation — ajenti | 6.5 (AI) | Medium (AI) | 2026-04-06 |
| CVE-2026-34976 | Dgraph Affected by Pre-Auth Database Overwrite + SSRF + File Read via restoreTenant Missing Authorization — dgraph | 10.0 | Critical | 2026-04-06 |
| CVE-2024-14032 | Twitch Studio LauncherHelper XPC Missing Authorization to Root File Write — Twitch Studio | 7.8 | High | 2026-04-06 |
| CVE-2026-3524 | Authorization Bypass in Mattermost Legal Hold Plugin Due to Missing Return After Permission Check — Mattermost | 8.3 | High | 2026-04-06 |
| CVE-2026-5574 | Technostrobe HI-LED-WR120-G2 FsBrowseClean deletefile authorization — HI-LED-WR120-G2 | 6.5 | Medium | 2026-04-05 |
| CVE-2026-2826 | Kadence Blocks — Page Builder Toolkit for Gutenberg Editor <= 3.6.3 - Missing Authorization to Authenticated (Contributor+) Media Upload — Kadence Blocks — Page Builder Toolkit for Gutenberg Editor | 4.3 | Medium | 2026-04-04 |
| CVE-2026-3445 | Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress <= 4.16.11 - Missing Authorization to Authenticated (Subscriber+) Membership Payment Bypass — Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile & Restrict Content – ProfilePress | 7.1 | High | 2026-04-04 |
| CVE-2026-3571 | Pie Register – User Registration, Profiles & Content Restriction <= 3.8.4.8 - Missing Authorization to Unauthenticated Registration Form Status Modification — Pie Register – User Registration, Profiles & Content Restriction | 6.5 | Medium | 2026-04-04 |
| CVE-2026-34766 | Electron: USB device selection not validated against filtered device list — electron | 3.3 | Low | 2026-04-03 |
| CVE-2026-27833 | Piwigo: Unauthenticated Information Disclosure via pwg.history.search API — Piwigo | 7.5 | High | 2026-04-03 |
| CVE-2026-22663 | prompts.chat Authorization Bypass Information Disclosure — prompts.chat | 7.5 | High | 2026-04-03 |
| CVE-2026-25742 | Zulip: Anonymous File Access After Disabling Spectator Access — zulip | 5.3 | Medium | 2026-04-03 |
| CVE-2026-35561 | Insufficient authentication security controls in browser-based authentication components in Amazon Athena ODBC driver — Amazon Athena ODBC driver | 7.4 | High | 2026-04-03 |
| CVE-2026-34759 | OneUptime: Unauthenticated notification API endpoints - financial abuse via phone number purchase, service disruption, and SMTP credential exposure — oneuptime | 8.2 (AI) | High (AI) | 2026-04-02 |
| CVE-2026-20155 | Cisco Evolved Programmable Network Manager Improper Authorization Vulnerability — Cisco Evolved Programmable Network Manager (EPNM) | 8.0 | High | 2026-04-01 |
| CVE-2026-5175 | Devolutions Server security vulnerability — Server | 6.5 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-4925 | Devolutions Server security vulnerability — Server | 6.5 (AI) | Medium (AI) | 2026-04-01 |
| CVE-2026-3831 | Database for Contact Form 7, WPforms, Elementor forms <= 1.4.9 - Missing Authorization to Authenticated (Contributor+) Sensitive Information Exposure via Shortcode — Database for Contact Form 7, WPforms, Elementor forms | 4.3 | Medium | 2026-04-01 |
| CVE-2026-34737 | AVideo: Arbitrary Stripe Subscription Cancellation via Debug Endpoint and retrieveSubscriptions() Bug — AVideo | 6.5 | Medium | 2026-03-31 |
| CVE-2026-34395 | AVideo: Mass User PII Disclosure via Missing Authorization in YPTWallet users.json.php — AVideo | 6.5 | Medium | 2026-03-31 |
| CVE-2026-1797 | Truebooker - Appointment Booking and Scheduler Plugin <= 1.1.4 - Sensitive Information Exposure via Views Files — TrueBooker – Appointment Booking and Scheduler System | 5.3 | Medium | 2026-03-31 |
| CVE-2026-34042 | act: actions/cache server allows malicious cache injection — act | 8.2 | High | 2026-03-31 |
| CVE-2026-33887 | Statamic allows unauthorized content access through missing authorization in its revision controllers — cms | 5.4 | Medium | 2026-03-27 |
| CVE-2026-29180 | Fleet's team maintainer can transfer hosts from any team via missing source team authorization — fleet | 9.1 | - | 2026-03-27 |
| CVE-2026-34369 | AVIdeo has Video Password Protection Bypass via API Endpoints Returning Full Playback Sources Without Password Verification — AVideo | 5.3 | Medium | 2026-03-27 |
| CVE-2026-34247 | AVideo's IDOR in uploadPoster.php Allows Any Authenticated User to Overwrite Scheduled Live Stream Posters and Trigger False Socket Notifications — AVideo | 5.4 | Medium | 2026-03-27 |
| CVE-2026-34245 | AVideo's Missing Authorization in Playlist Schedule Creation Allows Cross-User Broadcast Hijacking — AVideo | 6.3 | Medium | 2026-03-27 |
| CVE-2026-5025 | Langflow - Application Logs Exposed to All Authenticated Users — langflow | 6.5 | Medium | 2026-03-27 |
| CVE-2026-5022 | Langflow - Missing Authorization on download_image Endpoint — langflow | 5.3 | - | 2026-03-27 |

5527 CVEs are classified as CWE-862 (Missing Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.