CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
| --- | --- | --- | --- | --- |
| CVE-2025-15513 | Float Payment Gateway <= 1.1.9 - Improper Authorization to Unauthenticated Order Status Manipulation — Float Payment Gateway | 5.3 | Medium | 2026-01-14 |
| CVE-2026-21274 | Dreamweaver Desktop \| Incorrect Authorization (CWE-863) — Dreamweaver Desktop | 7.8 | High | 2026-01-13 |
| CVE-2026-0684 | CP Image Store with Slideshow <= 1.1.9 - Missing Authorization to Authenticated (Contributor+) Arbitrary Product Import — CP Image Store with Slideshow | 4.3 | Medium | 2026-01-13 |
| CVE-2025-59020 | TYPO3 CMS Allows Broken Access Control in Edit Document Controller — TYPO3 CMS | 4.3 (AI) | Medium (AI) | 2026-01-13 |
| CVE-2026-22784 | Lychee cross-album password propagation on Album unlocking — Lychee | 8.1 (AI) | High (AI) | 2026-01-12 |
| CVE-2025-41078 | Multiple vulnerabilities in Viafirma products — Viafirma Documents | 7.5 (AI) | High (AI) | 2026-01-12 |
| CVE-2026-0831 | Templately <= 3.4.8 - Unauthenticated Limited Arbitrary JSON File Write — Templately – Elementor & Gutenberg Template Library: 6500+ Free & Pro Ready Templates And Cloud! | 5.3 | Medium | 2026-01-10 |
| CVE-2025-14943 | Blog2Social: Social Media Auto Post & Scheduler <= 8.7.2 - Incorrect Authorization to Authenticated (Subscriber+) Sensitive Information Exposure — Blog2Social: Social Media Auto Post & Scheduler | 4.3 | Medium | 2026-01-10 |
| CVE-2026-22595 | Ghost has Staff Token permission bypass — Ghost | 8.1 | High | 2026-01-10 |
| CVE-2025-62487 | Under certain configurations, file artifacts uploaded to the Dossier and Slides apps did not inherit security markings of their parent artifact. This lack of security markings could lead to unintended access to the uploaded files. — com.palantir.acme:gotham-default-apps-bundle | 3.5 | Low | 2026-01-09 |
| CVE-2025-13753 | WP Table Builder <= 2.0.19 - Incorrect Authorization to Authenticated (Subscriber+) Arbitrary Table Creation — WP Table Builder – Drag & Drop Table Builder | 4.3 | Medium | 2026-01-09 |
| CVE-2026-22253 | Soft Serve is missing an authorization check in LFS lock deletion — soft-serve | 5.4 | Medium | 2026-01-08 |
| CVE-2026-21896 | Kirby is missing permission checks in the content changes API — kirby | 4.3 | - | 2026-01-08 |
| CVE-2026-22230 | OPEXUS eCASE Audit incorrect access control — eCASE Audit | 7.6 | High | 2026-01-08 |
| CVE-2025-14352 | Awesome Hotel Booking <= 1.0.3 - Incorrect Authorization to Unauthenticated Arbitrary Booking Modification — Awesome Hotel Booking | 5.3 | Medium | 2026-01-07 |
| CVE-2020-36920 | iDS6 DSSPro Digital Signage System 6.2 Privilege Escalation via Access Control — iDS6 DSSPro Digital Signage System | 8.8 | High | 2026-01-06 |
| CVE-2025-64421 | Coolify has a privilege escalation - low privileged user can invite themselves as an admin user — coolify | 8.8 | - | 2026-01-05 |
| CVE-2025-69417 | Plex Media Server security vulnerability — plex.tv backend | 5.0 | Medium | 2026-01-02 |
| CVE-2025-69416 | Plex media server security vulnerability — plex.tv backend | 5.0 | Medium | 2026-01-02 |
| CVE-2025-69414 | Plex media server security vulnerability — Media Server | 8.5 | High | 2026-01-02 |
| CVE-2025-14986 | ExecuteMultiOperation Namespace Policy Bypass — Temporal | 8.1 | - | 2025-12-30 |
| CVE-2025-14987 | Cross Namespace Commands Authorization Bypass — Temporal | 8.8 | - | 2025-12-30 |
| CVE-2025-68941 | Gitea security vulnerability — Gitea | 4.9 | Medium | 2025-12-26 |
| CVE-2025-68940 | Gitea security vulnerability — Gitea | 3.1 | Low | 2025-12-26 |
| CVE-2025-68938 | Gitea security vulnerability — Gitea | 4.3 | Medium | 2025-12-26 |
| CVE-2025-66378 | Pexip Infinity security vulnerability — Infinity | 5.9 | Medium | 2025-12-25 |
| CVE-2025-59683 | Pexip Infinity security vulnerability — Infinity | 8.2 | High | 2025-12-25 |
| CVE-2019-25237 | V-SOL GPON/EPON OLT Platform 2.03 Privilege Escalation via User Role Parameter — SOL GPON/EPON OLT Platform | 9.8 | Critical | 2025-12-24 |
| CVE-2018-25146 | Microhard Systems IPn4G 1.1.0 Service Control Denial of Service — Microhard Systems 3G/4G Cellular Ethernet and Serial Gateway Service Control DoS | 8.1 | High | 2025-12-24 |
| CVE-2025-2515 | Bluechi: privilege escalation in bluechi via unrestricted cross-node systemd dependencies — BlueChi | 7.2 | High | 2025-12-24 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.