
CWE-863 (Incorrect Authorization) — Vulnerability Class

1241 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2026-41427 | Better Auth OAuth 2.1 Provider: Unprivileged users can register OAuth clients — better-auth | 4.3 (AI) | Medium (AI) | 2026-04-24 |
| CVE-2026-23902 | Apache DolphinScheduler: Users are able to use tenants that are not defined on the platform during workflow execution. — Apache DolphinScheduler | 8.8 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-41068 | Kyverno: Cross-Namespace Read Bypasses RBAC Isolation (CVE-2026-22039 Incomplete Fix) — kyverno | 7.7 | High | 2026-04-24 |
| CVE-2026-41325 | Kirby is vulnerable to authorization bypass during page, file and user creation via blueprint injection — kirby | 8.8 (AI) | High (AI) | 2026-04-24 |
| CVE-2026-40099 | Kirby's page creation API bypasses the changeStatus permission check via unfiltered isDraft parameter — kirby | 6.5 (AI) | Medium (AI) | 2026-04-24 |
| CVE-2026-41350 | OpenClaw < 2026.3.31 - Session Visibility Bypass via session_status in Unsandboxed Invocations — OpenClaw | 4.3 | Medium | 2026-04-23 |
| CVE-2026-41348 | OpenClaw < 2026.3.31 - Group DM Channel Allowlist Bypass via Discord Slash Commands — OpenClaw | 5.4 | Medium | 2026-04-23 |
| CVE-2026-41344 | OpenClaw < 2026.3.28 - Privilege Escalation via chat.send /verbose Parameter — OpenClaw | 5.4 | Medium | 2026-04-23 |
| CVE-2026-41909 | OpenClaw < 2026.4.20 - Improper Authorization in Paired-Device Pairing Actions — OpenClaw | 5.4 | Medium | 2026-04-23 |
| CVE-2026-41908 | OpenClaw < 2026.4.20 - Scope Enforcement Bypass in Assistant-Media Route — OpenClaw | 4.3 | Medium | 2026-04-23 |
| CVE-2026-41233 | Froxlor has a Reseller Domain Quota Bypass via Unvalidated adminid Parameter in Domains.add() — froxlor | 5.4 | Medium | 2026-04-23 |
| CVE-2026-41232 | Froxlor has an Email Sender Alias Domain Ownership Bypass via Wrong Array Index that Allows Cross-Customer Email Spoofing — froxlor | 5.0 | Medium | 2026-04-23 |
| CVE-2026-35370 | uutils coreutils id Incorrect Access-Control Decisions via Misrepresented Group Membership — coreutils | 4.4 | Medium | 2026-04-22 |
| CVE-2025-9957 | Incorrect Authorization in GitLab — GitLab | 2.7 | Low | 2026-04-22 |
| CVE-2026-5377 | Incorrect Authorization in GitLab — GitLab | 4.3 | Medium | 2026-04-22 |
| CVE-2026-41131 | OpenFGA has Improper Policy Enforcement — openfga | 5.0 | Medium | 2026-04-21 |
| CVE-2026-40599 | ClearanceKit: Ad-hoc signed binaries can spoof Apple process identities in the global allowlist — clearancekit | 6.2 (AI) | Medium (AI) | 2026-04-21 |
| CVE-2026-41191 | FreeScout's signature only mailbox permission allows unauthorized mailbox chat setting changes — freescout | 7.1 | High | 2026-04-21 |
| CVE-2026-41190 | FreeScout has assigned-only visibility bypass via save_draft that allows hidden conversation draft injection — freescout | 7.1 | High | 2026-04-21 |
| CVE-2026-41189 | FreeScout has assigned-only visibility bypass that allows editing hidden customer-authored threads — freescout | 7.1 | High | 2026-04-21 |
| CVE-2026-40574 | OAuth2 Proxy has an Authorization Bypass in Email Domain Validation via Malformed Multi-@ Email Claims — oauth2-proxy | 6.8 | Medium | 2026-04-21 |
| CVE-2026-29179 | October: Editor Sub-Permission Bypass for Asset and Blueprint File Operations — october | 3.3 | Low | 2026-04-21 |
| CVE-2026-24176 | NVIDIA KAI Scheduler security vulnerability — KAI Scheduler | 4.3 | Medium | 2026-04-21 |
| CVE-2026-26067 | October: Safe Mode Bypass via CSS Preprocessor Compilers — october | 4.9 | Medium | 2026-04-21 |
| CVE-2026-41303 | OpenClaw < 2026.3.28 - Authorization Bypass in Discord Text Approval Commands — OpenClaw | 8.8 | High | 2026-04-20 |
| CVE-2026-34082 | Dify has IDOR in deleting someone else's chat conversation — dify | 4.3 (AI) | Medium (AI) | 2026-04-20 |
| CVE-2025-13480 | Incorrect authorization in Fudo Enterprise — Fudo Enterprise | 8.8 (AI) | High (AI) | 2026-04-20 |
| CVE-2026-32228 | Apache Airflow: Users with asset materialization permissions could trigger Dags they had no access to — Apache Airflow | 7.1 (AI) | High (AI) | 2026-04-18 |
| CVE-2026-40350 | Movary User Management (/settings/users) has Authorization Bypass that Allows Low-Privileged Users to Enumerate All Users and Create Administrator Accounts — movary | 8.8 | High | 2026-04-18 |
| CVE-2026-40155 | Auth0 Next.js SDK has Improper Proxy Cache Lookup — nextjs-auth0 | 5.4 | Medium | 2026-04-17 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1241 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.