CWE-863 (Incorrect Authorization) — Vulnerability Class 1242

1242 vulnerabilities classified as CWE-863 (Incorrect Authorization). AI Chinese analysis included.

| CVE ID | Title | CVSS | Severity | Published |
|---|---|---|---|---|
| CVE-2025-48044 | Authorization bypass when bypass policy condition evaluates to true — ash | 9.8 (AI) | Critical (AI) | 2025-10-17 |
| CVE-2025-6892 | Moxa multiple products security vulnerability — EDR-G9010 Series | 8.8 (AI) | High (AI) | 2025-10-17 |
| CVE-2025-62651 | Restaurant Brands International assistant platform security vulnerability — assistant platform | 6.5 | Medium | 2025-10-17 |
| CVE-2025-62647 | Restaurant Brands International assistant platform security vulnerability — assistant platform | 5.0 | Medium | 2025-10-17 |
| CVE-2025-62648 | Restaurant Brands International assistant platform security vulnerability — assistant platform | 6.4 | Medium | 2025-10-17 |
| CVE-2025-62506 | MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS — minio | 8.1 | High | 2025-10-16 |
| CVE-2025-10545 | Guest user can add unauthorized team users to private channels — Mattermost | 3.1 | Low | 2025-10-16 |
| CVE-2025-54267 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 6.5 | Medium | 2025-10-14 |
| CVE-2025-54263 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 8.1 | High | 2025-10-14 |
| CVE-2025-54265 | Adobe Commerce \| Incorrect Authorization (CWE-863) — Adobe Commerce | 5.9 | Medium | 2025-10-14 |
| CVE-2025-42939 | Missing Authorization Check in SAP S/4HANA (Manage Processing Rules - For Bank Statements) — SAP S/4HANA (Manage Processing Rules - For Bank Statements) | 4.3 | Medium | 2025-10-14 |
| CVE-2025-62243 | Liferay Portal and Liferay DXP security vulnerability — Portal | 4.3 (AI) | Medium (AI) | 2025-10-13 |
| CVE-2025-48043 | Bypass and runtime policies that can never pass may be incorrectly applied in filter authorization — ash | 9.8 (AI) | Critical (AI) | 2025-10-10 |
| CVE-2025-7374 | WP JobHunt <= 7.6 Authenticated (Custom+) Authorization Bypass — WP JobHunt | 5.4 | Medium | 2025-10-10 |
| CVE-2025-11340 | Incorrect Authorization in GitLab — GitLab | 7.7 | High | 2025-10-09 |
| CVE-2025-3719 | Incorrect authorization for CLI in Guardian/CMC before 25.2.0 — Guardian | 8.1 | High | 2025-10-07 |
| CVE-2025-44824 | Nagios Log Server security vulnerability — Log Server | 8.5 | High | 2025-10-07 |
| CVE-2025-59449 | YoSmart YoLink MQTT broker security vulnerability — YoLink MQTT broker | 4.9 | Medium | 2025-10-06 |
| CVE-2025-59451 | YoSmart YoLink Application security vulnerability — YoLink application | 3.5 | Low | 2025-10-06 |
| CVE-2025-10696 | OpenSupports 4.11.0 — Insecure Direct Object Reference in supervised list — OpenSupports | 4.3 (AI) | Medium (AI) | 2025-10-03 |
| CVE-2025-49641 | Insufficient permission check for the problem.view.refresh action — Zabbix | 4.3 | - | 2025-10-03 |
| CVE-2025-27236 | User information disclosure via api_jsonrpc.php on method user.get with param search — Zabbix | 4.3 | - | 2025-10-03 |
| CVE-2025-11239 | Job details are visible to all team members on KNIME Business Hub — KNIME Business Hub | 4.3 | - | 2025-10-02 |
| CVE-2024-58260 | Rancher update on users can deny the service to the admin — rancher | 7.6 | High | 2025-10-02 |
| CVE-2025-41246 | Improper authorisation vulnerability — Tools | 7.6 | High | 2025-09-29 |
| CVE-2025-11060 | Surrealdb: surrealdb is vulnerable to unauthorized data exposure via live query subscriptions | 5.7 | Medium | 2025-09-26 |
| CVE-2025-59824 | Omni Wireguard SideroLink potential escape — omni | 9.9 (AI) | Critical (AI) | 2025-09-24 |
| CVE-2025-43806 | Liferay Portal and Liferay DXP security vulnerability — Portal | 6.5 (AI) | Medium (AI) | 2025-09-22 |
| CVE-2025-59714 | Grouper security vulnerability — Grouper | 6.5 | Medium | 2025-09-19 |
| CVE-2025-10016 | Local Privilege Escalation in Sparkle Autoupdate Daemon — Sparkle | 7.8 (AI) | High (AI) | 2025-09-16 |

1242 CVEs are classified as CWE-863 (Incorrect Authorization). The CWE taxonomy describes the weakness; review individual CVEs for product-specific impact.