CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-15395 | IBM Jazz Foundation access control violation — Jazz Foundation | 4.3 | Medium | 2026-02-02 |
| CVE-2025-15525 | Ajax Load More – Infinite Scroll, Lazy Load & Load More <= 7.8.1 - Incorrect Authorization to Unauthenticated Private/Draft Post Title and Excerpt Exposure — Ajax Load More – Infinite Scroll, Load More, & Lazy Load | 5.3 | Medium | 2026-01-31 |
| CVE-2025-15322 | Tanium addressed an improper access controls vulnerability in Tanium Server. — Tanium Server | 4.3 | Medium | 2026-01-30 |
| CVE-2026-25040 | Budibase Vulnerable to Privilege Escalation via API Abuse – Creator Can Invite Users with Admin/Any Role — budibase | 8.8 (AI) | High (AI) | 2026-01-29 |
| CVE-2025-15288 | Tanium addressed an improper access controls vulnerability in Interact. — Interact | 3.1 | Low | 2026-01-29 |
| CVE-2026-22806 | vCluster Platform's Access Keys Allows Access Beyond Scope — loft | 9.1 | Critical | 2026-01-29 |
| CVE-2026-24780 | AutoGPT is Vulnerable to RCE via Disabled Block Execution — AutoGPT | 8.8 (AI) | High (AI) | 2026-01-29 |
| CVE-2026-24742 | Discourse staff action logs expose sensitive information to moderators — discourse | 6.5 | Medium | 2026-01-28 |
| CVE-2025-13985 | Entity Share - Moderately critical - Access bypass, Information Disclosure - SA-CONTRIB-2025-123 — Entity Share | 7.5 (AI) | High (AI) | 2026-01-28 |
| CVE-2025-69289 | Discourse has insecure default configuration that allows non-admin moderators to takeover any non-staff account via email change — discourse | 8.8 (AI) | High (AI) | 2026-01-28 |
| CVE-2025-69218 | Discourse moderators can access admin-only reports exposing private upload URLs — discourse | 6.5 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2025-68933 | Discourse non-admin moderators can exfiltrate private content via post ownership transfer — discourse | 6.9 | Medium | 2026-01-28 |
| CVE-2025-68666 | Discourse users archives leaked to users with moderation privileges — discourse | 4.3 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2025-68660 | Discourse AI Discover's continue conversation allows threat actor to impersonate user — discourse | 5.4 (AI) | Medium (AI) | 2026-01-28 |
| CVE-2020-36969 | M/Monit 3.7.4 - Privilege Escalation — M/Monit | 8.8 | High | 2026-01-28 |
| CVE-2026-1514 | 2100 Technology\|Official Document Management System - Incorrect Authorization — Official Document Management System | 6.5 | Medium | 2026-01-28 |
| CVE-2026-24748 | Kargo's `GetConfig()` and `RefreshResource()` API endpoints allow unauthenticated access — kargo | 5.3 (AI) | Medium (AI) | 2026-01-27 |
| CVE-2020-36948 | VestaCP 0.9.8-26 - 'LoginAs' Insufficient Session Validation — VestaCP | 9.8 | Critical | 2026-01-27 |
| CVE-2026-24480 | QGIS had validated RCE and Repository Takeover via GitHub Actions — QGIS | 9.8 (AI) | Critical (AI) | 2026-01-27 |
| CVE-2026-24428 | Tenda W30E V2 Incorrect Authorization Allows Administrator Password Change — W30E V2 | 8.8 (AI) | High (AI) | 2026-01-26 |
| CVE-2025-14866 | Melapress Role Editor <= 1.1.1 - Improper Authorization to Authenticated (Subscriber+) Privilege Escalation via Secondary Role Assignment — Melapress Role Editor | 8.8 | High | 2026-01-23 |
| CVE-2025-13928 | Incorrect Authorization in GitLab — GitLab | 7.5 | High | 2026-01-22 |
| CVE-2026-23964 | Mastodon has insufficient access control to push notification settings — mastodon | 6.5 | Medium | 2026-01-22 |
| CVE-2026-23961 | Mastodon may allow a remote suspension bypass — mastodon | 5.3 | Medium | 2026-01-22 |
| CVE-2026-22822 | External Secrets Operator insecurely retrieves secrets through the getSecretKey templating function — external-secrets | 6.5 (AI) | Medium (AI) | 2026-01-21 |
| CVE-2025-68140 | EVerest allows null session ID to bypass session ID verification — everest-core | 4.3 | Medium | 2026-01-21 |
| CVE-2026-23837 | MyTube has an Authorization Bypass vulnerability — MyTube | 9.8 | Critical | 2026-01-19 |
| CVE-2026-1007 | Devolutions Server security vulnerability — Server | 4.3 (AI) | Medium (AI) | 2026-01-19 |
| CVE-2025-43904 | SchedMD Slurm security vulnerability — Slurm | 4.2 | Medium | 2026-01-16 |
| CVE-2025-66005 | Lack of Authentication in the InputManager D-Bus interface — inputplumber | 7.8 (AI) | High (AI) | 2026-01-14 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.