CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-62189 | LogStare Collector security vulnerability — LogStare Collector (for Windows) | 6.5 | - | 2025-11-21 |
| CVE-2025-62730 | Privilege Escalation via Incorrect Authorization in SOPlanning — SOPlanning | 8.8 | - | 2025-11-20 |
| CVE-2025-59111 | Broken Access Control in Windu CMS — Windu CMS | 6.5 (AI) | Medium (AI) | 2025-11-18 |
| CVE-2025-41346 | Stored Cross-Site Scripting (XSS) in WinPlus by Informática del Este — WinPlus | 8.1 (AI) | High (AI) | 2025-11-18 |
| CVE-2025-65073 | Keystone security vulnerability — Keystone | 7.5 | High | 2025-11-17 |
| CVE-2025-7736 | Incorrect Authorization in GitLab — GitLab | 3.1 | Low | 2025-11-15 |
| CVE-2025-11865 | Incorrect Authorization in GitLab — GitLab | 4.3 | Medium | 2025-11-15 |
| CVE-2025-41436 | Unauthorized access to archived channel content via threads interface — Mattermost | 3.1 | Low | 2025-11-14 |
| CVE-2025-11776 | Guest user can discover archived public channels — Mattermost | 4.3 | Medium | 2025-11-14 |
| CVE-2025-64753 | grist-core has insufficient access control in endpoints for comparisons between documents and versions — grist-core | 5.3 | Medium | 2025-11-13 |
| CVE-2025-11777 | Cross-team channel membership access — Mattermost | 3.1 | Low | 2025-11-13 |
| CVE-2025-64707 | Frappe LMS revoking access did not show immediate effect as roles were cached — lms | 6.3 | - | 2025-11-12 |
| CVE-2025-65002 | Fujitsu iRMC security vulnerability — iRMC | 7.5 | High | 2025-11-12 |
| CVE-2025-61830 | Adobe Pass \| Incorrect Authorization (CWE-863) — Adobe Pass | 7.1 | High | 2025-11-11 |
| CVE-2025-11862 | Verve Asset Manager Access Control Vulnerability — Verve Asset Manager | 8.8 | - | 2025-11-11 |
| CVE-2025-49145 | iTop admin can drop iTop database using webhooks — iTop | 8.7 | High | 2025-11-10 |
| CVE-2025-12621 | Flexible Refund and Return Order for WooCommerce <= 1.0.42 - Incorrect Authorization to Authenticated (Contributor+) Refund Status Update — Flexible Refund and Return Order for WooCommerce | 5.3 | Medium | 2025-11-08 |
| CVE-2025-64490 | SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass — SuiteCRM | 8.3 | High | 2025-11-08 |
| CVE-2025-37736 | Elastic Cloud Enterprise Improper Authorization — Elastic Cloud Enterprise (ECE) | 8.8 | High | 2025-11-07 |
| CVE-2025-12038 | Folderly <= 0.3 - Incorrect Authorization to Authenticated (Author+) Term Deletion — Folderly | 4.3 | Medium | 2025-11-01 |
| CVE-2025-62275 | Liferay Portal and Liferay DXP security vulnerability — Portal | 4.3 | - | 2025-11-01 |
| CVE-2025-34273 | Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion — Log Server | 4.3 (AI) | Medium (AI) | 2025-10-30 |
| CVE-2023-7322 | Nagios Log Server < 2024R1 Incorrect Authorization Granting Full API Access — Log Server | 8.1 (AI) | High (AI) | 2025-10-30 |
| CVE-2025-62795 | JumpServer Unauthorized LDAP Configuration Access via WebSocket — jumpserver | 7.1 | High | 2025-10-30 |
| CVE-2025-12082 | CivicTheme Design System - Moderately critical - Information disclosure - SA-CONTRIB-2025-112 — CivicTheme Design System | 7.5 (AI) | High (AI) | 2025-10-29 |
| CVE-2025-62259 | Liferay Portal and Liferay DXP security vulnerability — Portal | 8.2 (AI) | High (AI) | 2025-10-27 |
| CVE-2025-11971 | Incorrect Authorization in GitLab — GitLab | 6.5 | Medium | 2025-10-27 |
| CVE-2025-11888 | ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution <= 4.8.4 - Incorrect Authorization to Authenticated (Editor+) License Status Update — ShopEngine Elementor WooCommerce Builder Addon – All in One WooCommerce Solution | 2.7 | Low | 2025-10-25 |
| CVE-2025-59048 | OpenBao AWS Plugin Vulnerable to Cross-Account IAM Role Impersonation in AWS Auth Method — openbao-plugins | 8.1 | High | 2025-10-23 |
| CVE-2025-62394 | Moodle: quiz notifications sent to suspended participants | 4.3 | Medium | 2025-10-23 |

Vulnerabilities classified as CWE-863 (Incorrect Authorization) represent 1242 CVEs. The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.